Privacy of RFID
Models and Protocols
by
Kaleb Lee Leemaqz
Thesis submitted in accordance with the regulations for
the Degree of Doctor of Philosophy
Science and Engineering Faculty
Queensland University of Technology
June 21, 2013
Abstract
RFID (Radio Frequency Identification) is a wireless identification method that
utilizes the reception of electromagnetic radio waves. As the applications of
such RFID networks continue to expand, the need for security and privacy also
becomes more and more prominent. A number of security models have been
proposed. However, most are of limited flexibility in capturing the distinctions
between the types of RFID protocols. A large number of RFID authentication
protocols have also been proposed; most either aim to provide strong security
properties or better efficiency, however, stronger security properties often come
at the cost of efficiency and vice versa.
The first part of this research has proposed a novel model to address the
identified limitations, to allow for an in-depth security analysis of current pro-
tocols. The later part of this research has been dedicated to developing new
flexible protocols that can be adapted to offer either stronger security or better
efficiency after the optimal tradeoff between security and efficiency of the pro-
tocol has been achieved. The Alternate-Tree Walking protocol was proposed as
a result. The protocol has addressed the privacy leakage concerns of tree-based
protocols without a substantial increase in computational efforts.
Contents
Front Matter ... i
  Keywords ... i
  Abstract ... iii
  Table of Contents ... v
  List of Figures ... xi
  List of Tables ... xiii
  Declaration ... xv
  Previously Published Material ... xvii
  Acknowledgements ... xix
1 Introduction ... 1
  1.1 Motivation: Traceability versus Scalability ... 2
  1.2 Objectives and Research Methodology ... 3
  1.3 Contribution and Outline ... 4
2 RFID ... 7
  2.1 Components of RFID Networks ... 7
    2.1.1 RFID Tags ... 8
      EPC Gen 2 Tags ... 9
    2.1.2 RFID Reader ... 9
    2.1.3 Back-end Database ... 10
  2.2 Communication of RFID networks ... 10
  2.3 Common Applications of RFID ... 11
    2.3.1 Asset Management ... 11
    2.3.2 Library Systems ... 12
    2.3.3 Access Control ... 12
  2.4 Constraints of Protocol Design ... 13
    2.4.1 Physical Constraints ... 13
    2.4.2 Protocol Design Constraints ... 14
3 RFID Privacy Models ... 17
  3.1 Privacy Properties ... 17
    3.1.1 Tracking (Traceability) ... 18
    3.1.2 Corruption ... 19
      Corruption of Tag ... 19
      Corruption of Database ... 20
  3.2 Model Background ... 20
    3.2.1 Common Methods of Defining Privacy ... 20
    3.2.2 Reader and Back-end Database ... 21
    3.2.3 Presentation of Tags ... 21
    3.2.4 Adversary and Challenger ... 21
  3.3 Previous Privacy Models ... 22
      Avoine ... 23
      Juels et al. ... 24
      Vaudenay ... 26
      Canard et al. ... 28
      Hermans et al. ... 30
      Burmester et al. ... 31
      Ouafi et al. ... 32
      Ha et al. ... 32
      Lai et al. ... 33
      Deng et al. ... 34
  3.4 Survey from Coisel et al. ... 34
    3.4.1 Five Protocols ... 35
      SK-Based Protocol ... 35
      OSK Protocol ... 36
      O-FRAP ... 37
      Tree-based Protocol ... 38
      Public Key Protocol ... 38
    3.4.2 Comparison of Privacy Models ... 39
      Number of Tags Allowed in the Experiment ... 39
      Choice of Challenge Tags ... 40
      Corruption of Tags ... 40
      NARROW/WIDE ... 40
    3.4.3 Additional Results ... 41
  3.5 Conclusion ... 42
4 State-Aware RFID Privacy Model with Reader Corruption ... 43
  4.1 Introduction ... 43
    4.1.1 Stateful and Stateless Protocols ... 43
    4.1.2 Reader Corruption ... 44
    4.1.3 Side-Channel Leakage ... 44
  4.2 Model components ... 45
    4.2.1 RFID System ... 45
    4.2.2 Adversarial Oracles ... 46
    4.2.3 Adversary Classes ... 48
    4.2.4 Privacy definitions ... 50
  4.3 General Comparison with Previous Models ... 52
    4.3.1 Creating Fake Tags ... 53
    4.3.2 Challenge Tags ... 53
      Interact with all Tags ... 53
      Choose and Corrupt Challenge Tags ... 53
    4.3.3 NARROW/WIDE Adversaries ... 54
  4.4 Comparison of Analyzing Previous Protocols ... 54
      SK-Based Protocol ... 55
      OSK Protocol ... 58
      O-FRAP ... 61
      Tree-based Protocol ... 64
      Public Key Protocol ... 66
  4.5 Impossibility of Stateless Protocols to Achieve Strong-Stateful Privacy ... 68
  4.6 Minimalistic Generic Stateful Scheme Construction ... 69
  4.7 Stateful Public-Key Protocol ... 71
  4.8 Achieving Active+C1+C2 Privacy ... 74
  4.9 Conclusion ... 75
5 Classification of RFID Protocols ... 77
  5.1 Introduction ... 77
  5.2 Previous Classification Methods ... 78
    5.2.1 Yousuf and Potdar ... 78
    5.2.2 Alomair et al. ... 79
  5.3 Motivation ... 80
  5.4 Previous Protocols ... 81
    5.4.1 Stateless Protocols ... 81
      Linear Time Protocols ... 82
      Logarithmic Time Protocols ... 83
    5.4.2 Stateful Protocols ... 85
  5.5 Extended Classification of RFID Protocols ... 87
    5.5.1 Implications of Stateful and Stateless Protocols ... 88
      Self-Update Stateful Protocols ... 88
      Hybrid-Update Stateful Protocols ... 89
    5.5.2 Additional Classes of Protocols ... 90
      Indexed Protocols ... 90
      Public Key Protocols ... 90
  5.6 Summary and Results of Extended Classification ... 90
  5.7 Conclusion ... 92
6 Pre-Computation ... 95
  6.1 Introduction ... 95
  6.2 Motivation and Previous Work ... 95
  6.3 Phases and Time of Authentication Protocols ... 97
  6.4 Phases and Time of Pre-Computed Protocols ... 99
  6.5 EP-UAP: Efficient Passively-Untraceable Authentication Protocol ... 100
    6.5.1 EP-UAP Pre-Computation Process ... 100
    6.5.2 EP-UAP Authentication Process ... 101
    6.5.3 EP-UAP Post-Authentication Process ... 102
  6.6 Analysis of Protocols ... 103
    6.6.1 Efficiency Analysis ... 103
      LRMAP ... 105
      Randomized Hash-Lock ... 105
      Tree-based Protocols ... 106
      EP-UAP ... 106
    6.6.2 Security Analysis ... 107
  6.7 Feasibility of EP-UAP ... 109
  6.8 Conclusion ... 111
7 Alternate Tree-Walking ... 113
  7.1 Introduction ... 113
  7.2 Previous Work ... 114
    7.2.1 Measuring Privacy Leakage ... 114
    7.2.2 Linear Protocols ... 115
    7.2.3 Tree-Based Protocols ... 116
      CR/MW Protocol ... 117
    7.2.4 Group Protocols ... 119
  7.3 Alternate-Tree Walking (ATW) ... 120
    7.3.1 ATW in a 3-layer tree ... 121
    7.3.2 Comparison ... 122
  7.4 Limitations of Privacy Leakage Measurement: The Extended Experiment ... 124
    7.4.1 Comparison of experiment ... 124
    7.4.2 The ATW Protocol ... 126
  7.5 Experiment with Multiple Corruptions ... 128
    7.5.1 Notation ... 128
    7.5.2 Results ... 129
      Linear ... 129
      Group ... 131
      CR/MW ... 132
      ATW ... 133
  7.6 Other Considerations ... 134
    7.6.1 Privacy Analysis of the ATW-Protocol ... 134
    7.6.2 Further Reduction of Privacy Leakage for Small Networks ... 136
      Further Reduction of Computation using Pre-Computation ... 137
  7.7 Attacking the Scheme ... 138
  7.8 Conclusion ... 138
8 Conclusion and Future Work ... 141
  8.1 Thesis Summary ... 141
  8.2 Future Work ... 142
A Cryptographic Definitions ... 145
  A.1 Pseudorandom Functions (PRFs) ... 145
  A.2 One-Way Functions ... 146
List of Figures
3.1 SK-Based Protocol ... 36
3.2 OSK Protocol ... 36
3.3 O-FRAP Protocol ... 37
3.4 Tree-based Protocol ... 38
3.5 Vaudenay's Public Key Protocol ... 38
4.1 O-FRAP Protocol ... 61
4.2 Tree-based Protocol ... 64
4.3 Vaudenay's Public Key Protocol ... 66
4.4 Generic Stateful Scheme Construction ... 70
4.5 Active+C1 Stateful Private Protocol ... 72
5.1 Stateless Protocol ... 81
5.2 M-ary Tree Walking ... 84
5.3 Stateful Protocol ... 86
5.4 Previous Classification of RFID Protocols ... 87
5.5 Extended Classification of RFID Protocols ... 93
6.1 Communication of Typical Authentication Protocols ... 97
6.2 Communication of Pre-Computed Protocols ... 99
6.3 EP-UAP Authentication Process ... 101
6.4 Authentication Time vs Number of Tags ... 104
7.1 Linear Time Protocol ... 115
7.2 M-ary Tree Walking ... 117
7.3 CR/MW Scheme ... 117
7.4 Group Protocol ... 119
7.5 ATW Scheme ... 120
7.6 Alternate Tree-Walking ... 121
7.7 Leakage Comparison between Schemes ... 123
7.8 Comparison of Experiments ... 126
7.9 Alternate-Tree Walking Protocol (ATW-Protocol) ... 127
7.10 Linear-Based Multiple Corruption Results ... 130
7.11 Group-Based Multiple Corruption Results ... 131
7.12 Tree-Based Multiple Corruption Results - 01 ... 132
7.13 Alternate-Tree Walking Multiple Corruption Results ... 133
7.14 Comparison of Computations Required between Protocols ... 138
8.1 Alternate Tree-Walking in Protocol Classification ... 143
List of Tables
3.1 Extension of Model Comparison by Coisel et al. ... 41
3.2 Additional Model Comparison Results ... 42
4.1 Adversary classes ... 50
4.2 Relationship between Adversary Classes ... 50
4.3 Comparison of our adversaries (above) with Vaudenay's adversaries (below) ... 50
4.4 Privacy Results of Previous Models - 1 ... 55
4.5 Privacy Results of Previous Models - 2 ... 55
4.6 Privacy Results of Proposed Models ... 56
4.7 SK-Based Protocol ... 56
5.1 Extension of Privacy Results of Proposed Model ... 87
5.2 Summary of Protocol Type ... 92
6.1 Efficiency Comparison ... 105
6.2 Comparison of Protocol Running Times ... 110
7.1 Leakage Comparison of Different Schemes ... 123
7.2 Comparison of Experiments ... 125
7.3 Leakage Comparison of Different Protocols ... 128
7.4 Notation ... 129
7.5 Alternate-Tree Walking Protocol for Small Networks (ATWS-Protocol) ... 136
7.6 ATW and ATWS Protocol Results Comparison ... 137
7.7 Work Comparison ... 138
Declaration
The work contained in this thesis has not been previously submitted for a degree
or diploma at any higher education institution. To the best of my knowledge and
belief, the thesis contains no material previously published or written by another
person except where due reference is made.
Previously Published Material
The following papers have been published or presented, and contain material based on the content of this thesis.
[1] Kaleb Lee (Leemaqz), Juan Gonzalez Nieto, and Colin Boyd. Minimizing Information Leakage of Tree-Based RFID Authentication Protocols Using Alternate Tree-Walking. http://eprints.qut.edu.au/49883/, 2012. Full version of accepted short paper.
[2] Kaleb Lee (Leemaqz), Colin Boyd, and Juan Gonzalez Nieto. Minimizing Information Leakage of Tree-Based RFID Authentication Protocols Using Alternate Tree-Walking. In 17th Australasian Conference on Information Security and Privacy, 2012.
[3] Kaleb Lee (Leemaqz), Juan Gonzalez Nieto, and Colin Boyd. Improving the Efficiency of RFID Authentication with Pre-Computation. Australasian Information Security Conference (AISC), 2012.
[4] Kaleb Lee (Leemaqz), Juan Gonzalez Nieto, and Colin Boyd. A State-Aware RFID Privacy Model with Reader Corruption. The 4th International Symposium on Cyberspace Safety and Security (CSS), 2012.
Acknowledgements
First of all I would like to express my deepest gratitude to my principal supervisor Dr. Juanma Gonzalez Nieto for his constant guidance and support, whose advice has been invaluable to me. Our discussions were particularly helpful in times of facing challenges. I also would like to thank my associate supervisor Professor Colin Boyd for his advice and support throughout my PhD candidature. My sincere thanks to them for their continued patience, encouragement, insightful discussions and invaluable advice. Without their inspirational guidance and unselfish help, it would have been more difficult for me to complete this doctoral thesis.
I am also grateful to my family for their patience and understanding throughout this time. Especially to my parents for their continuous support and sacrifices, taking good care of me physically and mentally. For my two sisters, as they are also embarking on the same journey of their PhD candidature, I would like to thank them for taking an interest in being involved in innumerable discussions with me. They also provided me with examples from their study areas which stimulated and inspired my thinking a lot.
My thanks also go to fellow graduate students from the former Information Security Institute for maintaining a friendly and supportive environment.
Finally, I would like to acknowledge the financial support from QUT.
Chapter 1
Introduction
Radio Frequency Identification (RFID), as the name suggests, is a method of identification utilizing the transmission and reception of electromagnetic radio waves. The foundations of the technology stem from the IFF (Identity Friend or Foe) system used during World War 2 for identifying allied aircraft [55]. Most modern RFID networks consist of three components: a back-end database, RFID readers, and RFID tags. In the usual scenario, a tag is interrogated when it enters the operating range of a nearby reader; it then passes identification information to the reader, which verifies the information with the help of the connected back-end database.
RFID was originally intended to fulfill one purpose: to allow for simple contactless identification. However, as its applications continue to expand, the need for security and privacy becomes more and more apparent. The two areas of security and privacy that have attracted the most attention are traceability and authentication. Traceability refers to the ability to collect information based on signals collected from a carried tag, whereas authentication is the ability of a tag and reader to ensure each other's identity before any sensitive information is exchanged.
Traceability is a property of RFID that is directly inherited from its original design objective as the next-generation barcode, designed to be easily identifiable by any party using the correct equipment. However, unlike barcodes, which require a direct line of sight, RFID only requires tags to be within the interrogation range of a reader to be identified, giving adversaries the possibility of collecting personal data without authorization [32, 51]. For example, by tracing an identified RFID tag carried by a person it is possible to determine their daily activities or habits. Therefore it is essential to ensure that adversaries cannot trivially identify adjacent RFID tags based on their responses alone.
Given the issues discussed above, the remainder of this chapter outlines the motivation and the objectives of this research. The chapter finishes with the structural outline for the remainder of this thesis.
1.1 Motivation: Traceability versus Scalability
One may wonder if traditional key-exchange protocols can be used, as they may be capable of addressing the privacy concerns of RFID. However, aside from being more computationally demanding, most key-exchange protocols do not focus on hiding the identity of the parties involved in a message exchange, which is the most vital feature of RFID protocols [22]. This is also one of the reasons why designing protocols for RFID is a non-trivial task. Nevertheless, it can be observed that some key-exchange techniques can be applied suitably to RFID protocols.
Since this research is aimed at passive RFID tags, where resources are scarce, its main focus is to investigate and propose novel protocols with an emphasis on the balance between traceability and scalability. The two properties are in some way contradictory due to the resource constraints of passive RFID tags; thus it is always possible to improve the privacy of a protocol by sacrificing scalability, and vice versa.
There are many forms of tracing, some of which are beyond the limits of what can be achieved using protocols alone. The most notable example is physical tracing. Consider applications in a library: it should not be difficult for an adversary to physically locate books without the use of RFID. Obviously physical tracing is beyond the scope of this research. The form of traceability most relevant to this research is the ability of an adversary to trace a tag by associating two message exchanges at different points in time. This problem is further complicated when corruption, the leakage of secrets, is considered.
Scalability is the ability of the protocol to scale from very small networks to very large networks. As the use of passive RFID tags becomes much more common, it is typical for networks to have millions of nodes. Traditional large networks, most notably the internet, are seldom lacking in resources compared to RFID networks. In existing protocols, it is evident that the essence of designing scalable protocols is to minimize the computation required per authentication on the back-end database, which is also the greatest difficulty. Thus it can be considered that more efficient protocols are also more scalable.
1.2 Objectives and Research Methodology
The main difficulty of designing RFID protocols is to provide a certain level of privacy within a limited computational bound. As the aim of this research is to propose novel RFID protocols, the evaluation of protocols is therefore a non-trivial matter. The comparison metrics for both privacy and efficiency must also be carefully considered independently. This section outlines the basis of comparison that will be used throughout the remainder of this document.
Privacy evaluation of protocols will be conducted using formal privacy models. Models are formal abstractions of the real-world operations of the networks, which allow for a common platform in evaluating all protocols. However, as discussed in later chapters, current models are typically lacking in certain features, whereas others do not provide an adequate distinction between the slight, but critical, differences between similar protocols. Therefore, part of this research will involve investigating and proposing novel features useful in an RFID privacy model.
Evaluation of the efficiency, and scalability, of protocols is in some ways more difficult than evaluating their privacy. Typically, protocols are proposed using the ideal functionality of certain cryptographic primitives, but do not always specify concrete algorithms to be used when implemented. Thus the comparisons used in this research will not aim to provide absolute measurements, but will instead provide a relative comparison between protocols.
In order to identify drawbacks and to address identified concerns in existing RFID protocols, the following objectives can be deduced:
• Determine a suitable formal RFID privacy model. This can be attained either by adapting an already proposed model or by proposing a novel model.
• Identify shortcomings or possible improvements of current RFID protocols.
• If interesting results are attained from the previous two objectives, it would be most useful to propose novel protocols that build on such findings.
1.3 Contribution and Outline
From the above objectives, the steps and results are organized in subsequent chapters as follows:
• To analyze the issue of privacy in RFID systems, one must first have a formal understanding of the definition of privacy. Thus chapter 3 describes a number of formal models for RFID privacy. In the review, it can be seen that there is currently no ideal model.
• Due to the conclusions of chapter 3, chapter 4 proposes a novel RFID privacy model which addresses the concerns raised in the previous chapter. The proposed RFID model not only addresses flexibility and usability concerns of previous models, but also addresses previously ignored issues including reader corruption and different memory channels. The model is published in CSS2012 [39].
• Chapter 5 describes the currently proposed RFID protocols based on previous classification methods. However, the previous classification methods are also shown to be ineffective for categorizing newer protocols. Thus this chapter also proposes an extension to a previous classification method. The extended method can be used for two main purposes: firstly, to provide a relative estimation of the privacy and efficiency properties of a protocol before in-depth analysis; secondly, to provide objectives for future protocol designers.
• Chapter 6 investigates the use of pre-computation as a technique to improve the efficiency of RFID protocols. The technique was shown to be able to decrease the time required for a protocol session in the given example protocol. The technique is also used in the protocol presented in the subsequent chapter. The technique is published in AISC2012 [37].
• Chapter 7 proposes a technique to decrease the privacy leakage of tree-based protocols. The chapter first examines the privacy leakage of various types of protocols and shows that tree-based protocols are prone to leakage of privacy due to the structured nature of their secrets. Following the analysis, the alternate-tree walking scheme is proposed to address this privacy leakage. Finally, the scheme is shown to be able to reduce leakage to a minimum. The pre-computation technique is also applied to the proposed scheme, allowing further improvement to its efficiency. The technique is published in ACISP2012 [38].
Chapter 2
RFID
RFID is a technology that allows the use of electromagnetic fields for the wireless transfer of data. Although the foundations of the technology go back to World War 2 in the form of the IFF (Identifying Friend or Foe) system, only in recent years did its popularity arise in commercial applications [55]. The sudden surge in popularity is often attributed to Wal-Mart, which in 2005 required its suppliers to attach RFID tags to their supplies [51]. Although the move did not proceed as smoothly as expected, it attracted great attention to this emerging technology. Today RFID is used in a large number of applications including, but not limited to: access control, contactless payment, sports, animal tracking and identification, passports, library systems, and inventory management. The remainder of the chapter describes each component of an RFID network along with its function before discussing some common applications of the technology (footnote 1).
2.1 Components of RFID Networks
A typical RFID network is the interconnection and communication between RFID tags and readers. However, in many networks a back-end database is connected to the reader to allow for additional functionality. This section briefly introduces the three most common basic components used in modern RFID networks: the RFID tag, the RFID reader and the back-end database.
Footnote 1: A more detailed discussion of the privacy issues and requirements is given in chapter and 4.
2.1.1 RFID Tags
RFID tags are typically a physically small microchip connected to an antenna in a single package. These tags are subsequently attached or embedded into objects or organisms, primarily for the purposes of identification and tracking. There are currently three types of RFID tags, active, semi-passive and passive, each differentiated by its source of power for communication [51].
• Active tags are the most expensive and most computationally capable type of RFID tag, as they have their own source of power, typically in the form of an on-board battery, which is used for both computation and communication. They are also the only type of tag that can initiate communication with a reader.
• Semi-passive tags, sometimes referred to as semi-active tags, technically speaking more closely resemble passive tags, as they do not rely on their own power source for communication. Nevertheless, having their own source of power, they can be as capable as active tags in regard to their computational power, but unlike active tags they do not use their on-board power source for signal transmission (footnote 2). Similar to passive tags, they are not capable of initiating communication with readers. In order for semi-passive, and passive, tags to communicate with readers, they use the power from the reader's antenna and reflect it back to the reader.
• Passive RFID tags are the type of tag that has been given the most attention, and also the emphasis of most research, due to their popularity. This type of tag is the cheapest type of RFID tag and has already been widely adopted in a variety of applications, most prominently in production line control, library systems and transport fare cards. Passive tags, similar to semi-passive tags, cannot initiate communication with readers and have to rely on the reader for power. They are also the most resource-limited type of tag, both in terms of the amount of memory available and the amount of data they can process. Passive tags are also the main focus of this research; hence passive tags will be referred to as just RFID tags or 'tags' unless otherwise specified.
² Semi-passive tags are known to have a longer communication range than passive tags, as they do not depend on power from the reader for computational purposes, hence allowing all the power from the reader to be used for communication purposes.
EPC Gen 2 Tags
One of the most commonly discussed RFID tag standards is the EPC Gen 2 RFID tag [1]. The standard is the second-generation UHF (Ultra-High Frequency) RFID tag standard by EPCglobal. The EPC Gen 2 tag specification includes four classes of tags: classes 1 and 2 are passive tags, whereas classes 3 and 4 are semi-passive and active respectively. Since the topics discussed in this thesis have little relevance to the operating frequencies of specific tags or the , this section will focus on the operation parameters of the tag and use such parameters as a baseline for RFID tags. Most important are the memory size and operation limitations of these tags.
All four classes of Gen 2 tags share the same basic non-volatile memory features, as follows:
• User Memory: 0 - 64 bits (this memory space can be expanded up to 2048 bits)
• EPC Number: 96 bits
• Tag Identifier: 32-64 bits
In addition to the usable memory listed above, a tag's memory is also used to store two passwords: a 32-bit kill password, for permanently disabling the tag, and a 32-bit access password, for enabling and disabling access to the tag. These passwords can potentially be exploited to perform a denial-of-service attack.
When designing protocols, the operational parameters of these tags should also be considered. Gen 2 tags can be written at a speed of up to 7 tags per second, and can be read by a single reader at up to 1000 tags per second.
2.1.2 RFID Reader
RFID readers are the point of contact with RFID tags. They are typically an embedded system with an included radio. Readers typically possess at least a limited amount of computational power for decoding and decryption of signals [32]. This component is considered to be the most critical within the infrastructure, as the failure of a tag is unlikely to cause any major disruption, but the failure of a reader is enough to halt the operation of a small network. In applications where a database is not used, or where communication with the database is often disrupted, the reader is capable of performing the operations of the database.
As readers act as the power source of passive tags, the range of a network is entirely dependent on the broadcast strength of the reader. As a consequence of this strength relative to that of the tag, it is also much easier for an adversary to eavesdrop on the communication of the reader than on that of the tag.
2.1.3 Back-end Database
Strictly speaking, the database is not considered to be a core component of an RFID network; its use, however, greatly extends a system's functionality. The back-end database is generally considered to be a workstation-class system, much more computationally capable than the other components [55]. In most applications, tag identifiers act as pointers referring to additional information about the attached object stored in the database.
The communication between the reader and database is assumed to be secure and not susceptible to any attack. Since the connection between the reader and the database is assumed to be based on more traditional computer networks, and both the reader and database are computationally capable systems, the security issues are not considered to be specific to RFID networks.
2.2 Communication of RFID networks
One of the differences between typical wireless networks and RFID networks is the communication channels between the reader and tag. Due to the nature of the technology, there are considered to be two directional communication channels between a reader and tag: the forward channel and the backward channel [62]. The forward channel is the signal broadcast by the reader, and the backward channel is the signal broadcast from the tag.
Forward Channel
The Forward channel is the directional communication link from the reader to the tag. The range of this channel is determined by the broadcast signal strength of the reader's antenna. Although technologically the broadcast power can be increased to extend the range of a network, most countries have regulations which limit the communication power to between 1 W and 4 W. Effectively, within such limits, it is still possible for readers to broadcast signals a few hundred meters under ideal conditions. However, in typical indoor usage scenarios the expected range would be within 10 meters.
Backward Channel
The Backward channel is the directional communication channel from the tag to the reader. The most interesting difference between this channel and the Forward channel is its relatively weak signal strength. For passive RFID systems, the type that is of most interest to this research, the tags communicate with the reader by absorbing power from the reader's signal and reflecting it back. Consequently, the broadcast strength is a lot weaker than that of the forward channel. Thus it is sometimes assumed that an adversary can only eavesdrop on the communication of the forward channel but not the backward channel, due to the proximity requirement.
2.3 Common Applications of RFID
Commercially, RFID was designed to replace traditional barcodes. The technology offers several advantages over barcodes, most notably the ability to identify items without line-of-sight, as well as real-time tracking of tags [35,51]. As one may notice, most applications rely heavily on these two attributes. This section will discuss some common applications of RFID. The following subsections will first introduce the general application of the technology, followed by the security issues that come with its introduction.
2.3.1 Asset Management
The use of RFID systems in asset management is very similar to its use in library systems. Its main advantages are convenience and security. As mentioned previously, RFID allows for real-time tracking of tags. When attached to items, for example in a warehouse, the technology is particularly useful in locating misplaced stock. By ensuring that an entire warehouse is covered by the network of RFID readers, it is even possible to monitor the real-time physical flow of inventory.
As with most other applications, the convenience of RFID is also its main drawback. The use of RFID for inventory opens the risk of a competitor eavesdropping on the status of the warehouse, which can lead to a number of privacy issues. For example, a competitor can potentially keep track of its rival's product flow by scanning the rival's warehouse with an RFID reader, a potentially huge business information breach.
2.3.2 Library Systems
One of the most widespread applications of RFID is in library systems. Traditionally, library systems relied on barcodes for the management of items, where a barcode is attached to each item. The attached barcode functions as a pointer to the details of the item stored in the library database. An RFID library system functions in a similar way, where a unique identifier is stored in each tag which acts as a pointer to the library database. However, RFID allows for much more efficient processing of items in addition to additional security measures. Firstly, since RFID does not require line-of-sight operation, it is possible to process multiple items concurrently, eliminating the serial processing requirement of barcodes. The more efficient process also presents the possibility of automated borrowing and returning of items. The technology is also used for security purposes: by installing readers close to exit points, it is possible to detect any unprocessed items that are carried away from the library.
As with most technology, the use of RFID is not without its drawbacks. Since the identity of books can also be known to an adversary, its use is susceptible to at least two forms of privacy breach. Firstly, as a form of physical tracking, it is possible to physically track a person based on the book that they have borrowed. The second form is a more serious privacy breach, as it is now much simpler to determine an individual's interests.
2.3.3 Access Control
RFID is commonly used for access control in the form of passive RFID contact cards. In such a system, the owner is required to place the card within the reading range of the reader in order to be allowed access to restricted areas. Doing so also allows automatic logs to be created in a database, making each attempt identifiable.
However, using RFID as a security measure introduces other security risks, since there is now a dependence on a physical token, the access card, and its safety. Theft is one major concern; however, cloning is a much more significant threat. Tag cloning can be performed without being noticed by the owner, but the cloned tag would be as capable as the original and can easily be used to impersonate the original owner. This can be achieved by an adversary extracting the information in a tag and replicating the extracted information in another tag [51].
2.4 Constraints of Protocol Design
In order to recognize the limitations of RFID, we must be aware of the typical operation of RFID networks and their components. First and foremost, RFID, like all wireless technologies, operates within an operational range limited by the power of the communication hosts, i.e. in the case of RFID networks the readers and tags [36]. This section categorizes the limitations of RFID into two categories: physical constraints and protocol design constraints. Physical constraints are potential security issues attributed to technological limitations, whereas protocol design constraints describe the limitations that protocol designers have to balance.
2.4.1 Physical Constraints
As mentioned in the previous section, one of the main security concerns with RFID is the traceability of tags. It should be noted, however, that although a protocol can prevent the identification of a tag based on its response alone, it remains very possible for an adversary to detect the presence of a tag from a response. In other words, by using a reader, although it may not be possible to identify a particular tag based on its response alone, it is still possible for an adversary to gain knowledge of the physical existence of a tag. Consequently, in most research this is not assumed to be a weakness in the protocol but a weakness of the technology. As a result this issue is often disregarded when discussing the security of RFID protocols.
It is also essential to recognize that, unlike typical computer networks where nodes and servers are assumed to be secure whereas the communication channels are insecure, nodes (i.e. tags) on an RFID network are assumed to be deployed in a hostile, unsupervised environment³ where they are susceptible to possible attacks, especially physical attacks. Under such circumstances, RFID tags are particularly susceptible to tag cloning and particular forms of Denial-of-Service (DoS) attacks [51]. Cloning attacks typically refer to the process of physically extracting all information, and secrets, from a tag before writing it to another tag, presumably a tag that offers identical functions, resulting in two tags that are indistinguishable from a reader's point of view. As previously mentioned, since this attack can only be prevented by physical measures, such as indestructible tags or the use of physically unclonable functions, this attack can be used independently of the protocol. As a result, protocols aim to minimize the damage by minimizing security leaks after tags have been compromised.
³ If, for example, an RFID tag is attached to a grocery item, once the item is sold it is left in the hands of the purchaser, who in turn could easily perform any attack given the right equipment.
RFID tags are very fragile when compared to traditional network nodes, due to their size and cost requirements, and so they are extremely vulnerable to DoS attacks. One of the easiest types of DoS attack on RFID is physical damage, either accidental or deliberate. As tags rely on an antenna for both power and communication, if the antenna is damaged in any manner the tag will cease to function. Since the antenna is the largest part of most RFID tags it is particularly susceptible to damage; therefore it is up to the physical design of the tag to reduce the chances of such an attack. Moreover RFID, as with any wireless network, is particularly susceptible to interference. However, since the relative transmission power of tags is much lower than that of more traditional networks, or even readers, it requires much less effort to jam signals from and to tags.
2.4.2 Protocol Design Constraints
One of the most discussed limitations of RFID tags is their lack of computational power. Consequently, traditional authentication protocols and cryptographic operations are too expensive to be used. Hash operations are currently considered to be the most complex operation that can be used by RFID tags. In addition, traditional authentication protocols often establish keys between the communicating parties for data exchange as part of the authentication process; not only is this not required for most RFID applications, where only identification is required, but the process often requires the use of cryptographic operations that are too computationally expensive for RFID tags. Due to this limitation, a large amount of research has been focused on both RFID-specific authentication protocols as well as minimizing the computational requirements of traditional cryptographic operations.
Aside from the lack of computational power, RFID also suffers from a lack of memory and a lack of power. Currently deployed RFID systems seldom use tags with more than 256 bits of memory, which is used for all purposes [22]. Although this is a major limitation, surprisingly it is rarely discussed or considered to be a focus in most research. Another major limitation that has also been given little attention is the power constraint of RFID tags, most commonly referred to by its consequence, the limitation on communication. Although not as limiting as the previous two constraints, having no independent source of power means that tags have to use the small amount of power from the reader for both computation and communication. Data transmission is a much more power-consuming task than computation. Therefore protocols should not only minimize the amount of computation and memory, they should also aim to minimize both the number of messages required and the length of these messages.
Chapter 3
RFID Privacy Models
Security models are a formal abstraction of security requirements and adversarial
powers that can be used to determine the security of protocols. A proof ensures
that the security requirements are met under a given assumption of the hardness
of another computational task. However, as an abstraction of the real world,
particular care must be taken with the security definitions as a model cannot
guarantee resistance against attacks that are not included in the security defini-
tion. It should also be noted that models do not account for weaknesses that are
introduced in the implementation of protocols. This chapter will outline some
of the more significant or notable works that have been presented in the area
of RFID privacy models. The following section will first give some background
on some of the features that models should aim to capture followed by a more
detailed description on previously proposed privacy models.
3.1 Privacy Properties
Since the aim of models is to provide a formal abstraction of the practical world, it is of utmost importance to first understand the common attacks that need to be abstracted. The two most common areas of attack are tracking and corruption. This section will discuss these two types of attack in further detail.
3.1.1 Tracking (Traceability)
Tracking, more commonly referred to as the traceability of protocols, is the most commonly discussed privacy-leaking property of RFID. In its simplest form it can reveal a tag's location. More severe attacks can potentially disclose sensitive private information about an individual or organization. The core of the problem stems from an adversary's ability to identify a tag over a period of time; it is possible for this knowledge to be used for malicious purposes. This section will outline attacks beginning from more basic information leakages before continuing to more serious threats.
Leakage of information in its simplest form is when an adversary can gain information about a tag through a single message exchange. This is most common when encryption is not used in the protocol for message exchange. For example, in early RFID applications, tags were simply considered to be barcodes capable of storing more information. More often than not, the tags themselves store information about the attached item and send it off without encryption. This is the easiest way for an adversary to gain knowledge and subsequently identify the tag. As one may expect, this basic property is captured in all privacy models.
A more advanced form of tracking is when an adversary can link multiple interactions of a tag at more than one point in time. For example, suppose a person wearing a jacket with an RFID tag attached walks past a mall with a number of RFID readers controlled by the adversary. The attack is considered successful if the adversary can link protocol exchanges on different readers that originated from the same tag, as the adversary is then able to deduce the location of the person at different points in time. This attack can potentially be prevented when a protocol introduces randomness into every interaction. However, the inclusion of randomness typically presents other problems, most commonly an increase in the processing required on the database during a protocol exchange. In the described basic form this vulnerability is adequately captured in most, if not all, privacy models. The biggest challenge for model designers, however, is how to capture this property when the corruption of tag secrets is considered.
3.1.2 Corruption
Corruption is the common term which describes the situation where an adversary
has gained information stored on the tag or database. This can be performed
in many ways including the physical dismantling of a tag. Most research in the
past has focused upon the corruption of tags, thus this section will only briefly
discuss the implication of reader corruption.
Corruption of Tag
Corruption of a tag can be performed in a number of ways. The most commonly discussed method is the physical extraction of information. This procedure requires the adversary to obtain physical access to the tag, and then to extract all data stored on the tag from the embedded microchip itself. The common assumption is that the tag would be destroyed in the process, an assumption that is also modeled as a DESTRUCTIVE adversary. However, since there is also the possibility of tag cloning, where the adversary creates an identical tag from the information extracted, some models allow corrupted tags to remain active. Thus, for the interest of this research, the tag is assumed to remain active unless otherwise specified. Nevertheless, the main interest in corruption is the time when corruption occurs and the ability of an adversary to correlate past or future protocol exchanges. It should also be noted that it is possible for corruption to occur multiple times throughout the lifetime of a tag.
Assume that the corruption of a tag occurs at one point in time. Immediately
the question arises concerning the privacy of previous and future protocol ses-
sions. Since the corruption of a tag might be observable, previous interactions
are sometimes of more interest to researchers. Nevertheless this research con-
siders both to be important. The privacy of previous sessions after corruption
is commonly addressed by the use of protocols with updatable secrets. As long
as the secret is updated using a one-way function it should be infeasible for an
adversary to attack previous sessions. To provide privacy after corruption, how-
ever, has proven to be much more difficult; one popular protocol example that
provides this characteristic is a public-key based protocol (described in section
3.4.1).
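The one-way secret update described above, as an added example that is not from the thesis (a constructed toy protocol, not any protocol the thesis analyzes): the tag answers each challenge c with H(k_i, c) and then replaces k_i by H(k_i). An adversary who corrupts the tag after session n obtains k_n and can recognise every later session by walking the update chain forward, but cannot reach k_0 ... k_{n-1} and so cannot link the earlier transcripts. The names Tag, run_sessions, links and demo are hypothetical, and SHA-256 stands in for the tag's one-way function.

```python
import hashlib
import random


def h(*parts: bytes) -> bytes:
    """One-way function used for both the response and the secret update (assumption)."""
    return hashlib.sha256(b"|".join(parts)).digest()


class Tag:
    """Stateful tag: every session consumes the current secret and ratchets it."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def respond(self, challenge: bytes) -> bytes:
        response = h(b"resp", self.secret, challenge)
        self.secret = h(b"update", self.secret)   # k_{i+1} = H(k_i); k_i is discarded
        return response

    def corrupt(self) -> bytes:
        """Models the Corrupt oracle: the adversary obtains the current secret."""
        return self.secret


def run_sessions(tag: Tag, n: int, rng) -> list:
    """Record n (challenge, response) pairs, as an eavesdropper would see them."""
    transcripts = []
    for _ in range(n):
        c = rng(16)
        transcripts.append((c, tag.respond(c)))
    return transcripts


def links(transcript, corrupted_secret: bytes, window: int) -> bool:
    """Adversary's linking attempt: starting from the corrupted secret, walk the
    update chain forward up to `window` steps and check whether any state
    explains the transcript. States before the corruption are unreachable,
    because that would require inverting H."""
    c, r = transcript
    k = corrupted_secret
    for _ in range(window):
        if h(b"resp", k, c) == r:
            return True
        k = h(b"update", k)
    return False


def demo(seed: int = 1):
    """Five sessions, then corruption, then five more; returns which of the
    earlier and later transcripts the adversary can link to the corrupted tag."""
    rnd = random.Random(seed)                         # constructed, deterministic input
    rng = lambda n: rnd.getrandbits(8 * n).to_bytes(n, "big")
    tag = Tag(rng(16))
    past = run_sessions(tag, 5, rng)                  # sessions using k_0 .. k_4
    k_corrupt = tag.corrupt()                         # adversary learns k_5
    future = run_sessions(tag, 5, rng)                # sessions using k_5 .. k_9
    past_linked = [links(t, k_corrupt, 10) for t in past]
    future_linked = [links(t, k_corrupt, 10) for t in future]
    return past_linked, future_linked


if __name__ == "__main__":
    print(demo())   # past sessions: all False, future sessions: all True
```

demo() returns all-False for the pre-corruption transcripts and all-True for the post-corruption ones, which is exactly the asymmetry the paragraph describes: the hash-chain update buys privacy for previous sessions, while privacy after corruption needs a different mechanism (the public-key protocol of section 3.4.1 is the thesis's example). The reader side pays for this with a forward search of the same kind as in links(), bounded by how far a tag may have advanced since it was last seen.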
A more interesting and troublesome scenario is if corruption of a single tag occurs
not only once, but multiple times. This possibility significantly complicates
an already complex problem. In addition to the protocol exchanges before the
first and after the last corruption, there are also concerns for all the sessions in
between. Most current protocols do not provide privacy under such challenging
conditions.
Corruption of Database
Corruption of the back-end database, or in some applications the reader, is an even more devastating attack than the corruption of tags. Since the database stores the information of all tags in the network, the compromise of the database can be equivalent to the corruption of all tags in the system. However, this is not considered in current privacy models. Logically, since the database is assumed to be a workstation or server type computer system, it should be possible for the system to be attacked. As such, this seldom discussed vulnerability should also be considered in models. However, it is not discussed in any of the previously discussed models¹.
3.2 Model Background
Before a more detailed discussion of models is given, it would be useful to in-
troduce some commonly used terms and concepts that are used throughout this
thesis. This section will explore and discuss some common abstraction techniques
and assumptions that are frequently used. The common privacy model involves
a privacy experiment between an adversary and a challenger, which simulates
the tag and database. Typically, the aim of the adversary is to trace tags that
are presented by the challenger.
3.2.1 Common Methods of Defining Privacy
The aim of a model is to define what it means to be private, typically in the form of an experiment. As there can be multiple definitions of privacy, there can also be more than one experiment. This is usually the case in models which aim to capture different levels of privacy. An experiment is the simulation of the interactions between the adversary and an RFID system under strictly defined circumstances. These circumstances vary between models, and the ability of a model to accurately simulate the practical operation of the network ultimately determines the usefulness of the model.
¹ Implications of this attack are discussed further in section 4.1.2.
3.2.2 Reader and Back-end Database
Typically in models, the reader and database are treated as a single entity, and only one reader is used in the network. The reader is assumed to be connected to the back-end database through a secure channel, thus the channel is out of reach of the adversary. This is because readers and databases communicate through traditional networks, for example an Ethernet connection, whose vulnerabilities have been studied extensively. Nevertheless, if vulnerabilities exist, a poorly implemented RFID protocol is unlikely to be the cause. Consequently, the security of the reader-to-tag communication channel is considered to be independent of the reader-to-database channel, and should be studied independently.
3.2.3 Presentation of Tags
In a real-world implementation, the system will typically include a number of tags
and a reader (and database) collectively called an RFID network. This topology
is commonly reflected in privacy models, where the adversary can interact with
a pool of tags simulating all tags in the system. In some models, there is also the
simulation of a tag entering and exiting the communication range of the reader or
adversary. Although this addition allows the models to more closely simulate the
physical constraints of an RFID system, it has yet to show any benefits compared
to other models. Other models simply assume that all tags in the system are
within communication range.
Used in all models are the notions of challenge and non-challenge tags. Chal-
lenge tags refer to the tag, or tags, that are selected, either by the simulator or
adversary, that the adversary is to attempt to trace. Typically, this can be either
one or two tags. All other tags are thus referred to as non-challenge tags.
3.2.4 Adversary and Challenger
In all models, experiments, sometimes referred to as games, are conducted between the challenger (C) and an adversary (A). The role of the challenger is to simulate the RFID system: the reader and a number of tags. The uppermost aim of the adversary, in most models, is to trace tags within the simulated system. Thus models should not limit the type of attacks that the adversary can launch to achieve this. Their means of communication and interaction is through oracles. These oracles define the commands that the adversary can issue when interacting with the challenger. Oracles vary between models and are also the determining factors of the strength of the adversary. An adversary is said to be weaker if there are more limits on the oracles it can access. Through limiting the oracles, it is also possible for models to analyze adversaries with varying levels of power. Below is a summary of the common oracles that are used throughout most models:
• Launch(T): Starts a fresh protocol session between the reader and tag T.
• SendTag(T, m): Sends a message m to tag T.
• SendReader(m): Sends message m to the reader.
• CreateTag: The adversary creates a legitimate tag in the system.
• Corrupt(T): The adversary is given the information stored in tag T.
In addition to the above oracles, some models also simulate the physical proximity requirements of tag integration. These models have the following two additional oracles: DrawTag() and FreeTag(). DrawTag() models tags entering the field of integration whereas FreeTag() models tags leaving the field. Tags within range are given pseudonyms, which are used to refer to a particular tag at a particular time. Although it is only possible for a tag to hold a single pseudonym at a time, it is possible for a tag to be assigned a different pseudonym every time DrawTag()/FreeTag() is called.
3.3 Previous Privacy Models
As a large number of RFID models have been proposed, it is more practical to
focus only on more popular models. As mentioned previously, RFID security
models should have particular focus on various aspects on the untraceability of
the system. However, more often than not, the proposed models do not cater for
these important properties and when they do they seldom capture all the desired
properties. The remainder of this section is used to introduce proposed RFID
models relative to their time of proposal.
Avoine
In 2005, Avoine [5] proposed an adversary model for RFID with two notions of privacy: Existential Untraceability and Universal Untraceability. Both of these notions are based on the fundamental points of untraceability identified in the paper. The paper describes the fundamental points of traceability as the physical nature of tags, similar to the physical traceability we described in section 3.3, the ability of an adversary to temporarily trace a tag, defined as existential untraceability, as well as the ability of an adversary to indefinitely trace a tag, defined as universal untraceability.
In the experiment for both notions, the adversary is allowed to interact with the system, i.e. a single tag and reader given by the challenger, and thus obtain an interaction whose length is less than a given parameter, after which it has to distinguish the given tag amongst two tags presented by the challenger. The difference between the two notions is that in the definition of Existential Untraceability, the adversary is allowed to interact, limited by the previously given parameter, with the two tags and the reader before attempting to distinguish one of the tags, whereas in the definition of Universal Untraceability the adversary is not bounded by any parameter after the challenge tag is chosen.
Using this model the authors have shown that both notions of untraceability are achievable. It should be noted that the model is mostly aimed at stateless protocols. This is partly because at the time of publication stateful protocols were still relatively immature, with some of the stronger protocols yet to be proposed. More recent stateful protocols, however, would remain insecure under both definitions, as the model does not cater for stateful protocols which rely on state updates to provide untraceability. Apart from this property, this model does not provide a definition of authentication.
Since the model does not idealize the entire system, but instead abstracts
the system to only two tags, this introduces a number of limitations. Most
notably, the model is not able to analyze protocols where the compromise of
non-challenge tags can weaken the privacy of challenge tags. Secondly, it is not
possible to simulate the corruption of the reader. Even if the system consists
of only two tags, the adversary would only be allowed to corrupt one tag, thus
limiting the practicability of the model.
Juels et al.
In 2006, Juels and Weis [33] proposed a security model that focused on characterizing strong² adversaries to address the shortcomings of the model proposed by Avoine [5]. This model also aims to cater for protocols that make use of correlated secrets, for example tree-based protocols, a notable missing feature in the original model. Unlike the previous model, privacy (or untraceability) in this model is defined as one property, so there only exists one privacy experiment. However, the experiment in this model follows much more closely the indistinguishability games of IND-CPA and IND-CCA. Instead of identifying a given compromised tag between two tags, the adversary has to distinguish between two uncompromised tags, even if it is allowed to compromise all other tags in the system. Nevertheless, this change in the privacy definition does not capture the state update ability of stateful protocols, which was also absent in the previous model.
The privacy of Juels et al. is defined by an experiment between a challenger, C, and an adversary, A. One notable distinction of this model is the SetKey oracle used for tag corruption. Whereas other models make use of the Corrupt oracle, in this model it is replaced by the SetKey oracle. This oracle, in addition to returning the secret(s) of a tag, also allows the adversary to change the secret of the selected tag. Also defined are the communication parameters r, s, and t, limiting reader initializations, computation steps, and tag initializations respectively. The experiment consists of two phases, as follows:
Definition 3.3.1 (Privacy).
Setup
• C initializes system S.
Phase 1: Learning
• A may do the following in any interleaved order:
– Interact with tags and the reader through ReaderInt and TagInit, without exceeding r and t respectively.
– Make SetKey calls to (n-2) tags.
– Communicate and compute, without exceeding s steps.
Phase 2: Challenge
• A selects Ti and Tj, to which it did not send SetKey messages.
• Let T*_0 = Ti and T*_1 = Tj, and remove both of these from the current tag set.
• C selects b ∈ {0,1}, giving A access to T*_b.
• A may do the following in any interleaved order:
– Interact with tags and the reader through ReaderInt and TagInit, without exceeding r and t respectively.
– Make SetKey calls to any tag except T*_b.
– Communicate and compute, without exceeding s steps.
• A outputs b′.
• A wins if b = b′.
² The term 'strong' in this model does not refer to the STRONG adversary of the Vaudenay model.
Apart from the definition enhancements, the authors also raise a limitation
of models regarding cross-reader privacy, where there exist multiple RFID systems
that function concurrently but independently. For example, if there exist two
systems A and B, a tag can be distinguished if the readers of one of the systems
are designed not to respond to any tag that does not belong to that system. By
noting the response, or the lack thereof, an adversary can trivially determine
which system the carried tag belongs to. Note that this could be considered a form of
physical traceability, but it is nevertheless important to bear in mind that this
is more of a practical limitation than a model limitation.
When compared to later models, this model is limiting in a number of ways.
The most notable limitation is the adversary's corruption abilities. Since the
model does not allow the adversary to call SetKey on T_i, T_j and later T*_b, it
cannot capture the privacy of tags in situations where the
secret(s) of a target tag are known. Another drawback of the model is the lack
of flexibility: even when ignoring the restrictions on SetKey, the model only offers
three levels of privacy.
As with most other models, the model does not specifically consider mutual
authentication. Also omitted is the distinction of stateful protocols. Whereas
the first of these drawbacks can be attributed to the early proposal of the model,
the latter limitation is rather common in other models.
The model, however, is not without its advantages. Based on the notion of
indistinguishability, the model is comparatively much more straightforward. The
model is also one of the few models that is not restricted to analyzing protocols
that are initiated by the reader, so protocols used by active tags can also
be analyzed. The model is also one of the few that allows corruption of tags
throughout the experiment, i.e. in both phase 1 and phase 2; unfortunately the
challenge tag is the only tag that cannot be corrupted.
Vaudenay
A popular security model was proposed in 2007 by Vaudenay [59] and is of-
ten regarded as one of the most complete models proposed. Due to its com-
pleteness and popularity, this model has been used as a basis for a number
of other models. The most popular feature of all is the set of adversaries pre-
sented in the model. A total of 8 adversary classes are defined in the pa-
per, STRONG-WIDE, STRONG-NARROW, DESTRUCTIVE-WIDE, DESTRUCTIVE-NARROW,
FORWARD-WIDE, FORWARD-NARROW, WEAK-WIDE, and WEAK-NARROW, as a combina-
tion of the 4 basic adversaries STRONG, DESTRUCTIVE, FORWARD and WEAK with the
option of being either WIDE or NARROW.
The key difference between the adversaries lies in the use of the Corrupt ora-
cle. The STRONG adversary has unlimited access to Corrupt; the
DESTRUCTIVE adversary cannot access a tag after it has been corrupted; and the FOR-
WARD adversary can only continue to use Corrupt once it has been
called. Finally there is the WEAK adversary, which does not have access to the
Corrupt oracle. In addition, adversaries are also said to be WIDE if they have
access to a Result oracle, an oracle that allows adversaries to determine if a
protocol session was completed successfully; otherwise an adversary is said to be
NARROW.
To define privacy, the authors first introduce the notions of a Blinder and a
Trivial adversary.
Definition 3.3.2 (Blinded and Trivial Adversary).
A blinder is a polynomial algorithm, without the knowledge of any secrets, that
simulates the basic communication oracles, Launch, SendReader, SendTag, and
Result, to the adversary. Furthermore, an adversary is considered to be Blinded
if it does not use the above oracles.
An adversary is said to be Trivial if |Pr[Adversary wins] - Pr[Blinded
Adversary wins]| is negligible.
The Vaudenay privacy model can be represented as a game between a chal-
lenger and an adversary. The aim of the adversary is to associate tag pseudonyms
with their real identities. The two-phase game is described below:
Definition 3.3.3 (Privacy-Vaudenay).
• Phase 1: The adversary communicates with the system through oracles
limited by its respective class.
• Phase 2: The adversary is given a table with each pseudonym associated
with its identity. The adversary then outputs true or false.
The adversary wins if it outputs true.
A scheme is said to be P-Private if all adversaries of the class P that output
true are Trivial.
From another perspective, the privacy of this model can be seen as being
defined by the advantage of an adversary with access to real system interactions
over an adversary with interactions with a simulated system. Since the simulated
system, where a Blinded adversary is used in place of the traditional adversary,
does not have any secrets such as tag identities, it should not be possible for the
adversary to identify a tag based on its responses. As a result, if an adversary
communicating with the real system has no advantage over an adversary
communicating with the simulated system, it can be argued that an adversary
does not gain any useful knowledge from interactions with the real system.
This model was later simplified by Ng et al. [45] in 2008, reducing the number
of adversarial classes from eight to three: STRONG, FORWARD and WEAK. It was
shown that it is possible to achieve Strong privacy using public-key protocols,
under the condition that a true random source is used.
The most notable drawback of the model is the impossibility of Strong pri-
vacy, as suggested by the authors. In order for a protocol to be private, the
adversary must not be able to distinguish between interacting with the Blinder
and the system, even when the secrets of the tag are known. However, since the
Blinder does not have knowledge of any secrets and the Corrupt queries are
passed back to the system, it would be trivial for an adversary to distinguish
between the two. For example, the adversary begins by corrupting a tag before
continuing to communicate with the same tag. Since the Blinder does not know
any secrets, the messages from the Blinder would not be consistent with the secret
from the system, allowing the adversary to trivially distinguish between the two.
This issue is partially addressed by Ng et al. [46] where the concept of a wise
adversary was introduced. The idea is that a wise adversary would not make
any irrelevant queries to the system/Blinder thus avoiding such situations.
Since the model does not make use of challenge and non-challenge tags, it
is limiting for situations where the adversary is allowed to corrupt only certain
tags. This drawback is particularly apparent when analyzing protocols with non-
correlated secrets. As it is not possible to restrict the corruption of certain tags,
such protocols can only achieve a lower level of privacy than otherwise possible.
This is also evident in the survey conducted by Coisel et al. [19] (see section 3.4),
where the SK-based protocol is considered to be as private as
tree-based protocols.
As with other models, Vaudenay’s model, including subsequently proposed
improvements, does not specifically consider stateful protocols. Similarly, an-
other drawback of the model is the lack of mutual authentication, but this was
later introduced in the work by Paise and Vaudenay [50].
Nevertheless, as mentioned previously, the most significant advantage of the
Vaudenay model is the flexibility of the adversaries. This was the first model to
introduce the DESTRUCTIVE adversary, which has since been used in a number of
other models. Also introduced was the notion of WIDE and NARROW adversaries, an
important addition that allowed weaker protocols to achieve a level of privacy in
an otherwise overly strong model.
Canard et al.
More recently, in 2010, Canard et al. [15] extended and simplified the model of
Vaudenay [59], offering a model that is simpler yet of similar strength. Key novelties
of the paper are the introduction of the non-obvious link as the model's privacy
definition, as well as the use of a Dummy adversary in place of the Blinder.
Based on the work of Vaudenay, the authors provided a security property
which they proved to be as strong as the STRONG adversary of Vaudenay but
is attainable. It should be noted that these two models, Vaudenay and Canard
et al., claim to be, at the time of publication, the only models that permit the
adversary to target previously corrupted (compromised) tags.
The model introduced the restriction that an adversary will win the game if
and only if the adversary is able to link multiple authentications of the same tag.
This was accomplished by defining the notion of non-obvious link where an
adversary wins the game if it successfully associates the pseudonyms that refer
to the same tag across multiple sessions.
Definition 3.3.4 (Non-obvious Link, Dummy Adversary).
A Dummy adversary is an adversary with access to the oracles CreateTag, Draw,
Free and Corrupt. We then consider two pseudonyms of a tag at two points
in time, t_i and t_j respectively. The link between t_i and t_j is considered to
be Non-obvious if the Dummy adversary is unable to correlate t_i and t_j with
probability more than 1/2.
There can be 3 types of non-obvious links: a link is said to be Standard if
neither t_i nor t_j has been corrupted, Past if only t_i is corrupted, and Future
if only t_j has been corrupted.
Definition 3.3.5 (Untraceability). An RFID scheme is said to be T-untraceable,
where T ∈ {Standard, Past, Future}, if for any P-Adversary, where P ∈ {Weak,
Destructive, Strong}, it is possible to define a Dummy Adversary such that |Pr[Adversary
outputting non-obvious link] - Pr[Dummy Adversary outputting non-obvious
link]| is negligible.
It can be considered that the privacy of this model is based on the ability of
an adversary to distinguish a tag under corruption at different times. This can be
compared to forward and backward secrecy, where on the compromise of
secrets, previous and/or future sessions should remain private. However, as noted
by the authors, the model is designed to offer the strongest achievable
privacy notion; consequently, the model is one of the least flexible.
Similar to most other models, this model only allows the corruption to occur
at one point in time thus limiting its ability to analyze stateful protocols. The
model does not, however, restrict when this corruption is to occur. It is also
possible to simulate reader corruption since the model allows the adversary to
corrupt all tags in the system.
The most interesting conclusion of the work was to show that future untrace-
ability is achievable, and that the notion is stronger than or equal to NARROW-STRONG
privacy in Vaudenay's model.
Hermans et al.
In 2011 a privacy model was proposed by Hermans et al. [56]. Contrary to most
previously proposed models, which are based on the notion of simulation, this
model is based on left-right distinguishability. The work critically analyzes pre-
vious models and introduces a new RFID privacy model extending and modifying
a model previously proposed by Bohli et al. [11]. Consequently this work bears
many similarities with the model on which it is based. Privacy in the model is
defined by the advantage of an adversary in winning a privacy experiment played
between the environment, S, and an adversary, A.
Definition 3.3.6 (Privacy Experiment).
• b ∈_R {0, 1}
• A interacts with the system with oracles restricted by its class and outputs b'
• A wins if b' = b.
It should be noted that the DrawTag() oracle in this model differs
from that of other models because it requires the adversary to specify two tags to draw;
the resulting drawn tag depends on the value of b. Consider an adversary that
calls vtag ← DrawTag(T_i, T_j): if b = 1 then vtag = T_i, otherwise vtag = T_j is
drawn. The adversary is to determine the value of b based on its interactions
with vtag. There is also the requirement that T_i and T_j cannot be drawn again
unless they have been freed using FreeTag(). The definition of privacy is given
as the advantage of an adversary in winning the above privacy experiment.
Definition 3.3.7 (Privacy). An RFID system S is said to unconditionally pro-
vide privacy notion X if and only if, for all adversaries A of type X, it holds that
the adversary has no advantage in winning the privacy experiment.
The work also considers additional notions of privacy, indicated as X+, when
there are restrictions on how A can use the available oracles, for example if A is
not able to call Corrupt().
For the purpose of comparison, the privacy experiment in this paper is
comparable to the privacy definition given by Canard et al. For example, consider
a system with 3 tags, T_i, T_j and T_k. A calls DrawTag(T_i, T_j) and then interacts with
vtag. A then frees vtag, calls DrawTag(T_i, T_k) and continues to interact
with vtag. Thus the advantage of the adversary can be thought of as its ability
to 'link' interactions of a tag between different sessions.
Similar to Vaudenay’s model, this model also does not limit when to corrupt
or which tag to corrupt. Likewise, it is also possible to corrupt all tags in the
system. Interestingly, the model is also one of the few which gives explicit rules
concerning the operation of volatile and non-volatile memory: volatile memory
is erased whenever the tag is freed.
Burmester et al.
Burmester et al. [13], in 2006, proposed a universally composable model de-
signed for RFID applications, aimed at providing availability, authentication and
anonymity guarantees. The paper was extended in 2007 by Le et al. [13, 58].
Along with the model, the authors of this paper also show that there exist at
least two protocols that can be proven secure under this new model. One of
the advantages of the work is that, whereas protocols in other models are proven
secure in the random oracle model, the proofs in this model do not rely on it.
There are a total of three security properties defined in this model: availabil-
ity, authentication and anonymity. Availability holds if no adversary has a
non-negligible probability of preventing a tag from authenticating with a reader,
whereas authentication holds when there is no efficient adversary that can
authenticate with an honest reader with non-negligible probability. Anonymity
defines what is usually identified as privacy or traceability. This property is said
to hold if there exists no efficient adversary that has non-negligible advantage in
outputting a valid tag output at any time in the simulation. This is perhaps one
of the more comprehensive models proposed, having the ability to capture a wide
range of properties that are not found in other models, but it nevertheless falls
short when it comes to the corruption of tags. The model does not capture the
notion of forward privacy, which would determine whether an adversary can trace
a tag after its secret is known.
Ouafi et al.
A privacy model was proposed by Ouafi et al. [49] in 2008, focusing on the untraceable
privacy of RFID protocols. Interestingly, the authors of this paper suggested
that the definitions described in this model can be seen as an 'alternative' to
those proposed by Juels et al. [33]. This paper proposes three distinct defi-
nitions: partnership & completion, freshness, and, most importantly, untraceable
privacy.
Partnership & completion defines that a reader instance and a tag instance are
partners if and only if they have completed a protocol session, signified by both
parties outputting Accept. An instance is said to be fresh if and only if a party,
with or without a partner, outputs Accept and the party has not been
corrupted. Untraceable privacy, unlike the previous two definitions, is defined
by a 3-phase game that closely follows the game described by Juels
et al. [33], but with the extra requirement that the session must be fresh before
the adversary is allowed to guess. The authors also noted that one of the main
differences in the definition of privacy compared to that of Burmester et
al. [13] is that there Accept is output before protocols update their states, whereas
in this model it is output afterwards. Both extra requirements allow not only
stateless protocols but also stateful protocols to be secure under this model.
However, although this model allows stateful protocols to be proven private, like
most others it does not capture the different privacy properties between the two
types of protocols.
Ha et al.
A security model focusing on location privacy was proposed by Ha et al. [26] in
2008, aiming to improve on the existing models by Avoine [5], Vaudenay [59] and Juels et
al. [33]. Unlike the previous models, this model considers two types of adversaries,
passive and active. As their names imply, passive adversaries are capable only of
eavesdropping on all communication, whereas active adversaries have the ability to
intercept, modify and block messages in addition to the powers of passive adversaries.
The authors of the paper in particular consider eavesdropping, impersonation,
message interruption/loss and location tracking as the most serious threats to
RFID security.
In the model, two notions and classes of location privacy are introduced:
Indistinguishability and Forward privacy. One or both of them can be categorized
within the weak location privacy or strong location privacy class when they
meet extra requirements. Both notions are defined through a security game
between the challenger and adversary, and are similar to the indistinguishability
game commonly used in other models. The only difference between the two
notions is that the adversary is only allowed to corrupt the tag during the forward
secrecy game, whereas in the indistinguishability game this power is prohibited.
This model, unlike other models, provides the distinction between stateless
and stateful protocols using the notions of indistinguishability and forward se-
crecy, with forward secrecy highlighting the security benefits of state updates.
Conversely, however, the model does not capture the active untraceability property
of stateless protocols.
Lai et al.
In 2010, an unpredictability-based RFID privacy model was
proposed by Lai et al. [34], extending the work by Ma et al. [42]. In the paper,
the authors identified two types of security problems in RFID systems: attacks
aimed at hindering the functioning of the system and attacks related to privacy,
of which the latter is of most interest. They note that a privacy-preserving
RFID system should therefore provide anonymity as well as unlinkability between
sessions.
The privacy of this model is defined as a unp-privacy (unpredictable-privacy)
game, based on the ind-privacy (indistinguishability-privacy) game that was pro-
posed by Ma [42]. In this game there exist two adversarial algorithms, A1 and
A2. In the first few steps, a reader and a set of tags are set up, followed by interac-
tions between A1, through a predefined set of oracles, and an uncorrupted tag. The
outputs of the tag are passed by A1 to A2. The challenger then picks a random
bit to determine whether to send a set of outputs from the same tag or random
strings to A2, who in turn has to guess whether the given strings are from the
tag or are random. A protocol is said to be secure under this definition if there
exists no efficient adversary that has non-negligible probability of guessing the
correct choice.
Following unp-privacy, the authors proposed the unp*-privacy model,
which aims to allow mutual authentication protocols to be analyzed under the model.
The authors noted that, unlike the original model, their model allows mul-
tiple oracle accesses to the challenge tag, so the new model does not possess the
same limitation as the original.
Deng et al.
Deng et al. [20], in 2010, proposed a framework for RFID security and pri-
vacy based on a zero-knowledge formulation. In this framework, completeness and
mutual authentication are defined using the notions of adaptive completeness,
matching sessions, and authentication. Adaptive completeness ensures that after
an attack the uncorrupted parts, tags and database, can still function. Match-
ing sessions states that a session is complete if and only if there exist identical
session transcripts on both the tag and the reader. Finally, authentication holds if
there exists no adversary that can break the authentication between the reader and an
uncorrupted tag.
The paper goes on to present a zero-knowledge based definitional frame-
work for RFID privacy, proposing the notion of zk-privacy. A protocol is said to
satisfy zk-privacy if the outputs of the real-world experiment are indistinguishable
from those of the simulated-world experiment, thus implying that an adversary
cannot distinguish between a challenge tag and a simulated tag. It should be
noted that state updates can also be simulated by including the final secret key
and internal state of the challenge tag as part of the output. The authors also
suggest that the definition of zk-privacy is 'strictly' stronger than the definition
proposed by Ma et al. [42], and conclude that the framework has to be extended
to cater for practical scenarios such as corruption, cloning and ownership transfer.
3.4 Survey from Coisel et al.
Very recently, an in-depth survey was conducted by Coisel et al. [7], providing a
comprehensive comparison of some of the most popular privacy models for RFID.
The survey suggested that a model should aim to reflect real-world situations
and adversarial abilities. Thus, practically, the scope of models should not be
limited to analyzing specific protocols but should rather be flexible enough to
distinguish the privacy differences between protocols. The authors therefore
determined a desired set of features and compared the most popular models
against the feature set. Most notable are the ability for an adversary to choose and
corrupt challenge tags, the differentiation between NARROW and WIDE adversaries,
the ability for the adversary to interact with all tags in the system, and the ability
of the model to analyze all protocols. The authors also selected five distinct
protocols as a baseline to compare the flexibility of the models. However, the
conclusion was that none of the models were able to capture the privacy
differences between the protocols.
A type of protocol that has attracted little attention from model designers is
the stateful protocol. The most interesting feature of stateful protocols is their
ability to update their secret(s); this allows a tag to potentially maintain privacy
even when the secret has been revealed. In addition to the properties discussed
in the survey, there are three interrelated properties that are also interesting:
adaptability to stateful protocols, the ability to corrupt at any time, and reader
corruption. Two ideal properties arise when such corruption is possible: a tag
can remain private even when more than one corruption occurs over time, and
the same should apply for the corruption of the reader. Since there has yet
to be a model that explicitly discusses the corruption of the reader, this chapter will
discuss the models in relation to the ability to corrupt all tags in the system. Also
interesting is the consideration of different memory types, more specifically the
distinction between volatile and non-volatile memory.
3.4.1 Five Protocols
Of all the results and issues presented by Coisel et al., most intriguing is the
set of five RFID protocols selected for the purpose of benchmarking proposed
models. As the vulnerabilities of these protocols are well documented, they are
particularly useful when used to highlight the difference in adversary abilities
between models. It is important to observe the differences between protocols
with updatable states (stateful protocols), and the protocols with no updatable
state (stateless protocols).
SK-Based Protocol
In this protocol, each tag has a unique secret that is shared with the reader. This
protocol begins with the reader generating a random nonce NR. The tag, after
receiving NR, generates its own nonce NT and uses a pseudorandom function to
generate the message H(K‖NR‖NT ), where K is a unique secret of the tag. The
Reader (K)                                          Tag (K)
N_R ∈_R {0,1}^α        --- N_R --->                 N_T ∈_R {0,1}^α
                       <-- H(K‖N_R‖N_T), N_T ---
Figure 3.1: SK-Based Protocol
reader then has to compute the same message for all secrets stored until a match
is found, completing the protocol.
Evidently this protocol would not remain untraceable after the tag has been
corrupted. However, the corruption of non-challenge tags should not have any
effect on the traceability of the challenge tag. As a stateless protocol, the SK-
based protocol is also one of the weakest of the five, since all sessions (both before
and after corruption) can be traced after the initial corruption of the tag.
OSK Protocol
Reader (S')                                         Tag (S)
N_R ∈_R {0,1}^α        --- N_R --->                 m_T = H(S‖N_R); S = G(S)
Find i < δ with        <-- m_T ---
H(G^i(S'), N_R) = m_T;
S' = G^i(S')
Figure 3.2: OSK Protocol
The OSK protocol [48] was proposed by Ohkubo et al. in 2003. One of the
most interesting features of this protocol is its updatable state. This is one of
the two stateful protocols of the five; the other is O-FRAP. The OSK protocol
makes use of two pseudorandom functions, H and G. Every time the tag receives
a random nonce N_R from the reader, the tag encrypts the message by hashing
its secret S with the received nonce N_R. The secret state S is then updated with
G. For each authentication attempt, the reader has to compute H(G^i(S'), N_R)
for every tag in the system. If a match is found then the tag is successfully
authenticated and the secret S is updated. Since S is updated every time a
session is initiated at the tag, one of the major drawbacks of this protocol is the
possibility of de-synchronization, an aspect that should also be reflected in the model.
As a stateful protocol it should be possible for previous sessions of the protocol
to remain untraceable even after corruption. This is indeed achieved by this
protocol, as it is not possible for an adversary to deduce the previous secret
based on the current secret. However, the reverse cannot be said as it is possible
for an adversary to trace a tag after corruption. It is also interesting to note that
the de-synchronization of the protocol is captured in the form of a bound on the
number of consecutive incomplete protocol sessions.
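The OSK exchange of figure 3.2 as an added, runnable toy model (not code from the thesis or from Ohkubo et al.): HMAC-SHA256 and a domain-separated SHA-256 are assumed stand-ins for H and G, the reader stores the post-update state after a match (an assumption about bookkeeping), and the δ bound decides whether a tag that answered queries the reader never saw can still be identified. The same search also shows the page's forward-privacy claim: a state snapshot links later responses but not earlier ones.

```python
"""Toy OSK protocol: tag state S, PRFs H and G, reader search bounded by delta."""
import hashlib
import hmac
import os

ALPHA_BYTES = 16  # nonce length; the page's alpha bits, constructed here as 128 bits


def H(secret: bytes, n_r: bytes) -> bytes:
    """Pseudorandom function H(S || N_R); HMAC-SHA256 stands in for the page's H."""
    return hmac.new(secret, n_r, hashlib.sha256).digest()


def G(secret: bytes) -> bytes:
    """One-way state update G(S); a domain-separated SHA-256 stands in for G."""
    return hashlib.sha256(b"OSK-G|" + secret).digest()


def match_state(s_prime: bytes, n_r: bytes, m_t: bytes, delta: int):
    """Return the smallest i < delta with H(G^i(S'), N_R) == m_T, or None.

    This is the reader's search from figure 3.2.  Anyone holding a state
    snapshot can run the same search forwards, but G cannot be run backwards,
    which is the forward-privacy property discussed in the text.
    """
    s = s_prime
    for i in range(delta):
        if hmac.compare_digest(H(s, n_r), m_t):
            return i
        s = G(s)
    return None


class OSKTag:
    def __init__(self, secret: bytes):
        self.S = secret

    def respond(self, n_r: bytes) -> bytes:
        m_t = H(self.S, n_r)
        self.S = G(self.S)  # the tag updates even if the reader never completes
        return m_t


class OSKReader:
    def __init__(self, tags: dict, delta: int):
        self.db = dict(tags)  # tag id -> S' (reader's copy of the tag state)
        self.delta = delta    # bound on consecutive incomplete sessions

    def identify(self, n_r: bytes, m_t: bytes):
        """Exhaustive search over every tag and every i < delta."""
        for tag_id, s_prime in self.db.items():
            i = match_state(s_prime, n_r, m_t, self.delta)
            if i is not None:
                # Resynchronize.  The tag already moved on to G^(i+1)(S'), so
                # store that (assumption: keep the post-update state).
                s = s_prime
                for _ in range(i + 1):
                    s = G(s)
                self.db[tag_id] = s
                return tag_id
        return None


def run_session(reader: OSKReader, tag: OSKTag):
    """One complete session: reader nonce -> tag response -> identification."""
    n_r = os.urandom(ALPHA_BYTES)
    m_t = tag.respond(n_r)
    return reader.identify(n_r, m_t)


def incomplete_sessions(tag: OSKTag, count: int) -> None:
    """The tag answers `count` queries that never reach the reader."""
    for _ in range(count):
        tag.respond(os.urandom(ALPHA_BYTES))


def desync_demo(delta: int = 5):
    """(result after delta-1 lost sessions, result after delta more lost sessions)."""
    secrets = {"tag-1": b"constructed-secret-1", "tag-2": b"constructed-secret-2"}
    reader = OSKReader(secrets, delta)
    tag = OSKTag(secrets["tag-1"])
    incomplete_sessions(tag, delta - 1)  # still inside the reader's bound
    within = run_session(reader, tag)    # identified and resynchronized
    incomplete_sessions(tag, delta)      # one step too far: permanent desync
    beyond = run_session(reader, tag)    # reader finds no match
    return within, beyond


def forward_privacy_demo(delta: int = 5):
    """(old transcript linkable from a snapshot?, later transcript linkable?)."""
    tag = OSKTag(b"constructed-secret-3")
    old_n = os.urandom(ALPHA_BYTES)
    old_m = tag.respond(old_n)     # transcript recorded before the snapshot
    snapshot = tag.S               # state read out of the tag afterwards
    new_n = os.urandom(ALPHA_BYTES)
    new_m = tag.respond(new_n)     # transcript recorded after the snapshot
    return (match_state(snapshot, old_n, old_m, delta) is not None,
            match_state(snapshot, new_n, new_m, delta) is not None)


if __name__ == "__main__":
    print(desync_demo())           # ('tag-1', None)
    print(forward_privacy_demo())  # (False, True)
```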
O-FRAP
Reader ((ID', K', S'), (ID'_{-1}, K'_{-1}, S'_{-1}))      Tag (ID, K, S)
N_R ∈_R {0,1}^α        --- N_R --->                 v = F_K(N_R, S); v = v1‖v2‖v3‖v4
Computes v'_3          <-- S, v2 ---                S = v1
                       --- v'_3 --->                If v'_3 = v3, K = v4
Figure 3.3: O-FRAP Protocol
The Optimistic Forward-secure RFID entity Authentication Protocol (O-
FRAP), shown in figure 3.3, was proposed by Le et al. [58]. A pseudorandom
function F is used in the protocol, where the output v from the inputs K, N_R and S is
separated into four sections v1, v2, v3 and v4. In order for the reader to identify
a tag, the reader first tries to search for S. If S is not found, it has to perform
an exhaustive search by comparing F_K'(N_R, S) with all K' in the system. If
no match is found, the system performs another exhaustive search by comparing
F_K'_{-1}(N_R, S) with all K'_{-1} in the system.
Similar to the OSK protocol, the O-FRAP protocol is also a stateful protocol.
However, it is much easier for this protocol to be de-synchronized compared to the
OSK protocol. This can be as simple as multiple incomplete sessions. However,
since the protocol's mechanism allows the protocol to resynchronize after a single
successful session, regardless of the number of incomplete sessions, this is much
less of a drawback for this protocol. The privacy properties of this protocol
are comparable to the SK-protocol due to their similarities. As a result, most
models are unable to distinguish the privacy properties of the O-FRAP
and SK-protocols.
Tree-based Protocol
The tree-based protocol was proposed by Molnar et al. [44] and is very similar to
the SK-based protocol. The protocol is shown in figure 3.4. Instead of each
tag sharing a single unique secret with the reader, however, each tag shares a
unique set of secrets. The secrets are also shared among tags, so the main
drawback of this protocol is that the corruption of a tag can lead to the compromise
of uncorrupted tags. A more detailed description and analysis of the protocol
can be found in chapter 7.
Reader                                              Tag
                       k1, k2, k3, ... k*
N_R ∈_R {0,1}^α        --- N_R --->                 N_T ∈_R {0,1}^α
                       <-- k_i ⊕ f_s(0‖N_R‖N_T), N_T ---
                       --- k_i ⊕ f_s(1‖N_R‖N_T) --->
                       ... Repeat for all k
Figure 3.4: Tree-based Protocol
Public Key Protocol
Reader (rsk, K, ID_T)                               Tag (rpk, K, ID_T)
N_R ∈_R {0,1}^α        --- N_R --->                 m_T = ENC_rpk(N_R‖ID_T‖K)
                       <-- m_T ---
Figure 3.5: Vaudenay's Public Key Protocol
The protocol shown in figure 3.5 is presented by Vaudenay [59]. The protocol
uses a public-key pair rsk and rpk. The reader starts the authentication session
by first generating a random nonce, NR, which is sent to initiate the session
with the tag. The tag replies with a message mT with the concatenation of the
received nonce, NR, its identifier IDT and its shared secret K encrypted using
the public key of the reader rpk. After the reader receives mT , the message is
decrypted using the private key of the reader and its contents are matched with
the back-end database.
Although arguably not practical for implementation in passive RFID tags,
the protocol remains one of the strongest protocols and is often studied. The
protocol achieves the highest achievable level of privacy in every known model.
Since the corruption of a tag does not compromise the private key of the reader,
no session, whether before or after corruption, can be traced by the adversary.
3.4.2 Comparison of Privacy Models
In the work of Coisel et al., the authors outlined a number of features that are
desirable in privacy models. This section outlines some of the more interesting
features discussed in that work. Since three of the models discussed in this chapter,
Ouafi et al., Ha et al., and Lai et al., are not discussed in the survey by Coisel
et al., this section extends the results to include these three models. A summary
of the results is shown in table 3.1.
Number of Tags Allowed in the Experiment
The first discussed property is the ability for an adversary to interact with all
tags during their challenge phase. Although this might seem like a feature that
is present in all models, it is often taken for granted. Among the models
based on indistinguishability, the two earliest, by Juels et al. and Avoine,
do not provide this feature. In Juels et al.’s model, the adversary is only allowed
to communicate with one of the two challenge tags, thus one tag is not present in
the system during phase 2. Avoine’s model is also notable since, throughout
the entire experiment, only two tags are considered; thus the concept of a system
is absent from the model. Other models, including those of Vaudenay and Canard
et al., that do not explicitly consider two phases do not limit the adversary at
any point in their experiments, thus they are considered to be unrestricted. All
the other models allow the adversary to interact with all tags in their final phase.
Choice of Challenge Tags
The choice of challenge tags allows an adversary to target specific tags. In certain
situations, this can be used to the adversary’s advantage. Consider the tree-
based protocol: if the adversary can choose tags with known correlated secrets,
it can distinguish them easily. All models except Avoine allow the
adversary to select their challenge tags. In Avoine’s model the challenger chooses
the challenge tags instead of the adversary.
Corruption of Tags
Corruption of tags is considered under two different situations: corruption of
non-challenge tags and corruption of challenge tags. Firstly, not all models have the
notions of challenge and non-challenge tags; among those that do not are the models by
Vaudenay, Canard et al., and Hermans et al. In these models, corruption is not
limited by time, thus it is considered that the adversary can corrupt all tags. All
other models allow the corruption of non-challenge tags whenever the adversary
has the ability to corrupt. However, some models do not give the adversary the
ability to corrupt challenge tags; the models by Lai et al. and Ouafi et al. do
not allow this. Some models, including those by Ha et al., Avoine and Juels et al.,
only give the adversary the power to corrupt one out of the two challenge tags.
NARROW/WIDE
NARROW and WIDE differentiate whether the adversary has knowledge of the result of
a session, i.e. whether it was successful or has failed. This is one of the fundamental
pieces of side-channel information which is considered in a number of models.
WIDE adversaries have the ability to determine the result of a protocol session,
whereas NARROW adversaries do not know the results of protocol sessions. The
notion was first introduced by Vaudenay and used in models which share the same
adversaries including Canard et al., and Hermans et al; only such models consider
both types of adversaries. In other models, NARROW and WIDE are considered to be
part of the communicational oracles, such as SendTag and SendReader. Due to
this, models by Avoine, and Lai et al. only provide NARROW adversaries, whereas
Juels et al., Ha et al., and Ouafi et al., only provide WIDE adversaries.
Model              Interact with   Choose           Corruption      NARROW/
                   all Tags        Challenge Tags                   WIDE
Avoine             No              No               1 of 2          NARROW
Juels et al.       No              Yes              1 of 2          WIDE
Vaudenay           Yes             Yes              Challenge       Both
Canard et al.      Yes             Yes              Challenge       Both
Burmester et al.   Yes             Yes              Challenge       WIDE
Ouafi et al.       No              Yes              Non-Challenge   WIDE
Ha et al.          No              Yes              1 of 2          WIDE
Lai et al.         No              Yes              Non-Challenge   NARROW
Deng et al.        No              Yes              Non-Challenge   NARROW
Table 3.1: Extension of Model Comparison by Coisel et al.
3.4.3 Additional Results
Tables 3.1 and 3.2 outline the properties discussed earlier in the section: the
ability to cater for stateless and stateful protocols, the ability for the adversary
to corrupt all tags, and any side-channel information that is captured in the
model. As shown in the tables, most models only cater for either stateless or
stateful protocols, with the models proposed by Deng et al. being a notable
exception. Models are considered to cater for a type of protocol if protocols
of that type can be proven private in the model. The models proposed by Vaudenay,
extended by Canard et al., and by Ha et al. offer partial support for stateless
protocols, where only particular stateless protocols can be proven private. That is,
although it is possible in their definitions to prove stateless protocols secure,
they do not capture the situation where an active adversary can trace a tag using
stateful protocols between successful authentication sessions. In contrast, most
models allow the adversary the power to corrupt tags, with the sole exception
being one of the earliest models, proposed by Avoine and subsequently
extended by Juels et al. It should also be noted that although the corruption
of tags is allowed in the model proposed by Burmester et al., its corruption
definition allows the adversary to corrupt tags after a successful session and thus does
not capture the unique security property of state updates; this model was later
extended by Le et al., in which the definition was altered in order to capture this
property. A feature comparison table of the new results is presented in table 3.2.
Model              Stateless   Stateful   Mutual           Corruption of
                                          Authentication   all Tags
Avoine             Yes         No         No               No
Juels et al.       Yes         No         No               No
Vaudenay           Partial     Yes        Extended         Yes
Canard et al.      Partial     Yes        No               Yes
Burmester et al.   Yes         No         Yes              No
Ouafi et al.       No          Yes        No               Yes
Ha et al.          Partial     Yes        No               No
Lai et al.         No          Yes        Yes              No
Deng et al.        Yes         Yes        No               No
Table 3.2: Additional Model Comparison Results
3.5 Conclusion
It can be seen in this section that there is currently no ideal RFID privacy model,
as also concluded by Coisel et al. In their survey, Coisel et al. suggested that the
main limiting factor of current models was their lack of flexibility; this was
showcased by using the models to analyze five distinctive protocols, where no model
was able to distinguish the property differences in all of them. The work also
discussed different capabilities of the adversary in regards to their corruption
powers, and showed that the models based on Vaudenay’s adversaries were the
most flexible. One other feature absent from most models is the ability to analyze
protocols where the tag can initiate sessions.
In extension to the comparison conducted in the survey by Coisel et al., this
chapter also introduced other interesting features, in particular the models’ suitability
for analyzing stateful protocols. This ability can be considered as the combination
of the following abilities: achievable privacy levels of stateful protocols, mutual
authentication, and the ability to corrupt all tags.
Chapter 4
State-Aware RFID Privacy
Model with Reader Corruption
4.1 Introduction
As is evident from the previous chapter, there is no commonly agreed “good” privacy
model for analysing RFID protocols. As shown in chapter 3, existing privacy
models have significant limitations in terms of the classes of protocols that can
be analysed within the models and the strength of the privacy notions consid-
ered, particularly in relation to the corruption of tags. This chapter presents a
new privacy model for RFID that aims to overcome the limitations of existing
models. The new model is simple enough so that it can be widely adopted for
security analysis by protocol designers.
4.1.1 Stateful and Stateless Protocols
Proposed RFID protocols can be separated into two categories, stateless and
stateful,
An example of the different properties between the two types of protocols is
the vulnerability of stateful protocols to desynchronisation. Desynchronisation
commonly occurs when the last message of the protocol is not received, blocked
by an adversary for example, resulting in the internal state of one of the parties
not being updated. Next time the tag and reader engage in a protocol run,
either the protocol fails because of the non-matching states, or an additional
resynchronisation stage is executed. Both cases are likely observable by a third
party; therefore de-synchronisation may be seen as resulting in side-channel in-
formation leakage, which can be used by an attacker to trace the tag. A security
model for stateful protocols must take into account desynchronisation. This vul-
nerability does not affect stateless protocols. The model presented in this chapter
introduces a new definition of stateful privacy.
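To make the desynchronisation leak concrete, the following Python simulation, added here and not part of the thesis, runs a constructed toy stateful protocol in which each party updates a shared state S only once its side of the run succeeds; the PRF and update function are instantiated with HMAC-SHA256 and SHA-256 (assumptions), and a sync() helper plays the role of the model's Sync oracle. Blocking one final message leaves the tag one step behind, so later runs are observably "failed" (or "resynchronised" when the reader keeps the previous state), which is the side channel described above.

```python
import hashlib
import hmac
import os

# Constructed toy stateful protocol (not one of the thesis' protocols). Reader
# and tag share an updatable state S:
#   reader -> tag   : NR                    (fresh nonce)
#   tag    -> reader: H(S, NR)
#   reader -> tag   : H(S, NR, "ack")       (final message; may be blocked)
# The reader replaces S by G(S) as soon as it sends the ack; the tag only
# after it has received and verified the ack.


def H(key: bytes, *parts: bytes) -> bytes:
    """Keyed PRF, instantiated here with HMAC-SHA256 (assumption)."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def G(state: bytes) -> bytes:
    """One-way state-update function, instantiated here with SHA-256 (assumption)."""
    return hashlib.sha256(b"update|" + state).digest()


class Tag:
    def __init__(self, state: bytes):
        self.S = state
        self.pending = None          # volatile memory: nonce of the open session

    def respond(self, nr: bytes) -> bytes:
        self.pending = nr
        return H(self.S, nr)

    def receive_ack(self, ack: bytes) -> bool:
        if hmac.compare_digest(ack, H(self.S, self.pending, b"ack")):
            self.S = G(self.S)       # state update only on a verified final message
            return True
        return False


class Reader:
    """Back-end database keyed by tag id. With keep_previous=True the reader
    also remembers each tag's previous state so it can resynchronise."""

    def __init__(self, tags: dict, keep_previous: bool = False):
        self.db = dict(tags)
        self.prev = dict(tags) if keep_previous else {}

    def verify(self, nr: bytes, response: bytes):
        """Returns (tag id, ack, outcome); outcome is what an observer sees."""
        for tid, s in self.db.items():
            if hmac.compare_digest(response, H(s, nr)):
                if tid in self.prev:
                    self.prev[tid] = s
                self.db[tid] = G(s)
                return tid, H(s, nr, b"ack"), "completed"
        for tid, s in self.prev.items():     # tag is one step behind
            if hmac.compare_digest(response, H(s, nr)):
                return tid, H(s, nr, b"ack"), "resynchronised"
        return None, None, "failed"


def run_session(reader: Reader, tag: Tag, block_ack: bool = False) -> str:
    """One protocol run; block_ack models an adversary dropping the final message."""
    nr = os.urandom(16)
    tid, ack, outcome = reader.verify(nr, tag.respond(nr))
    if tid is not None and not block_ack:
        tag.receive_ack(ack)
    return outcome


def sync(reader: Reader, tid: str, tag: Tag) -> str:
    """The model's Sync(T) oracle: Y if reader and tag hold the same state."""
    return "Y" if reader.db[tid] == tag.S else "N"


def desync_demo(keep_previous: bool = False):
    """Normal run, run with a blocked ack, then two further runs. Returns the
    observable outcomes and the Sync values before and after the blocked run."""
    s0 = os.urandom(32)                      # constructed initial shared state
    tag, reader = Tag(s0), Reader({"T1": s0}, keep_previous)
    outcomes = [run_session(reader, tag)]
    sync_before = sync(reader, "T1", tag)
    outcomes.append(run_session(reader, tag, block_ack=True))
    sync_after = sync(reader, "T1", tag)
    outcomes += [run_session(reader, tag), run_session(reader, tag)]
    return outcomes, sync_before, sync_after


if __name__ == "__main__":
    print(desync_demo())                     # (['completed', 'completed', 'failed', 'failed'], 'Y', 'N')
    print(desync_demo(keep_previous=True))   # (['completed', 'completed', 'resynchronised', 'completed'], 'Y', 'N')
```

In both variants a third party who merely sees whether the reader accepted the run can tell the desynchronised tag apart from an in-sync one.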
4.1.2 Reader Corruption
Existing security models for RFID authentication model readers and the back-
end database as a single entity and assume that the reader and backend database
are implemented securely, so that the adversaries cannot interfere with them.
This assumption is based on the availability of greater resources for their pro-
tection. Typically the back-end database is at least a workstation-class system,
which is hosted in a central physically secured location. As discussed by Avoine
et al. [9], assuming that the back-end database cannot be directly attacked is un-
warranted in practice. After all, these are servers that are commonly connected
to the Internet, where vulnerabilities and hacking attacks are commonplace. In
the new model presented here, readers and the back-end database are also treated
as a single entity, referred to as the reader, but adversaries are afforded corruption
powers that expose the secrets in the back-end database. While Avoine et
al. [9] discussed the importance of reader corruption, they do not consider it
within a formal security model. Interestingly, it turns out that stateful protocols
are naturally suited to resist attacks involving corruption of the reader.
4.1.3 Side-Channel Leakage
Traditionally, side-channel information refers to physically observable character-
istics of a system, such as power consumption and heat, which can be used by
an attacker to compromise security. Unfortunately most side-channel sources are
independent of the underlying protocol and are difficult to include in a security
model. The new model focuses on side-channel information which is dependent
on protocols and is easily observed without sophisticated means. One notable
example is the result of a protocol session, where the result of a protocol can
be observed through physical means, e.g. a door opening. There has also been
recent work showing that execution time can leak information [7, 24]. As it is
likely that more aspects of side channel will be discovered in the future, it would
be impractical to capture each distinct leakage scenario independently. The pro-
posed model does not focus on any specific trait, but rather the main cause of
side-channel information leakage: de-synchronization.
4.2 Model components
The proposed model includes a number of components, most importantly the
setup of the RFID system and available adversaries. This section will detail each
component that builds up the privacy model.
4.2.1 RFID System
The first stage of the privacy model is to set up the operating environment. The
RFID system environment includes the reader and tags. In this model, as the
adversary does not have the power to create tags in the system, all tags are
required to be initialized when the environment is created, using the SetupTag
oracle. In an attempt to maximize the usefulness of the model, the use of public-key
protocols is also considered.
The setup of an RFID system is simulated using the following two setup
algorithms:
• (rpk, rsk) ← SetupReader(rpd)
On input of a security parameter rpd, outputs public/secret key pair rpk,
rsk. In cases where public-key pairs are not utilized, rpk can be considered
as an empty string (φ).
• (tpk, tsk, K, S) ← SetupTag(T, rpk)
On input of identifier T and the reader’s public key rpk, a secret K, and a
public and private key pair (tpk, tsk) are generated. State S is initial-
ized according to the protocol specification. K is a fixed long term secret,
whereas S is an updatable secret. It is common for protocols to make use of
only one of K or S; unused values are considered to be empty (φ). The val-
ues generated are stored by the reader and/or tag according to the protocol
specification.
It is assumed that each tag is only capable of a single session with the reader
at a time. This is due to the operation of passive RFID tags. They are incapable
of being interrogated by more than one RFID reader at the same time; anti-
collision algorithms can be triggered and protocol sessions would be completed
one after the other. In the situations where active RFID is used, it is simply
constrained due to the single RFID reader assumption. Thus in the model, tags
cannot have more than one active session with the reader. This is reflected by the
following definition of sessions, where the previous sessions would end whenever
a tag starts a new session. There is also the concept of corresponding session
to ensure that sessions are synchronized between the tag and reader.
Definition 4.2.1 (Session). A session is an instance of a protocol execution at
a party. Each party stores a session identifier π for every initiated session which
is unique within the party. When two session ids πR and πT refer to the same
protocol execution, they are referred to as corresponding sessions. Each session
also holds a Result value indicating if a session has completed or has failed.
Definition 4.2.2 (Active Session). Sessions are labeled as either active or
inactive. It is only possible for a tag to have one active session at any point
in time. Volatile memory is assumed to be erased when a session is labeled
inactive unless otherwise specified by the protocol. It is possible for readers to
have multiple active concurrent sessions with different tags.
4.2.2 Adversarial Oracles
As usual, the interaction between an adversary A and an RFID system is modeled
by oracles that the adversary is allowed to query. The oracles in the model are
as follows:
• (πT , πR, t)← Execute(T )
This oracle models the situation where an adversary is eavesdropping on
the communication between the reader and tag T . A receives the protocol
execution transcript t with the corresponding session identifiers πT and πR.
A completed acknowledgement will be stored as Result if the protocol run
was successful, otherwise failed will be stored.
• (πR, πT )/(φ, πT )/(πR, φ) ← Initiate((T,R)/T/R)
A initiates a protocol session either with both tag T and reader R, or with
only T or R, returning the new corresponding session identifiers πR and πT
or only session identifiers πT or πR. Any previous sessions of T or R, and
corresponding sessions are marked as inactive. If Result of the previous
session is not labeled, it will be labeled as failed. Unlike the Execute oracle,
this oracle allows the adversary to create an incomplete session between a
reader and/or a specific tag.
• completed/failed/φ ← Result(π),
A retrieves the value of Result of protocol session π. If there is yet to be
a value of Result, φ is returned.
• r/φ ← SendTag(πT ,T, m)
Sends message m to session πT of tag T. A is returned a response message
r or φ as per protocol specification. In normal protocol interactions a
response message r would be returned, however there is also the possibility
of a ‘null’ response φ if the message sent was invalid, or the session had
already completed or failed. This oracle models the ability of the adversary
to send messages to RFID tags and observe the response.
• r/φ ← SendReader(πR, m)
Sends message m to session πR of the reader R. A is returned a response
message r or φ as per protocol specification. Similar to the SendTag oracle,
in normal protocol interactions a response message r would be returned,
however there is also the possibility of a ‘null’ response φ if the message
sent was invalid, or the session had already completed or failed. This oracle
models the adversary transmitting a message to the RFID reader.
• (K, S) ← CorruptTag(T ),
A obtains the long term secret K and session state S of T. Note that we
assume that tags will continue to function after corruption. This oracle
models the adversary’s ability to extract secret data from a tag through
specialized methods such as physical extraction.
• M ← CorruptMemory(πT , T )
The adversary is given the memory state M of tag T. M is the contents of
the temporary (volatile) memory of T used when computing the output of
SendTag(πT, T). For example, this can include input and output values
of hash functions and any generated/received nonce depending on protocol
specification.
• Y /N ← Sync(T )
This query invokes a protocol-specific function that determines if T is in
sync. This oracle models side-channel leakage of information due to de-
synchronized states. This oracle is aimed at stateful protocols where it
is possible for the updatable states to be out-of-sync. Stateless protocols
always return Y.
• db ← CorruptReader()
A obtains all information, including secrets, stored by R. This oracle
models the ability for an adversary to obtain the data stored in the database
by compromising the back-end system. Similar to the CorruptTag query,
the adversary is given a snapshot of the database’s information when this oracle is
called.
4.2.3 Adversary Classes
We consider the following classes of adversaries, depending on the oracle queries
they have access to. There are three basic forms of adversaries:
Passive adversaries can only eavesdrop on communications between parties
and are not able to communicate with the tag or reader. Thus they are
allowed access to the Execute oracle, but not to the Initiate, SendTag
and SendReader oracles.
Active adversaries can not only access the tag but also the reader. Thus they
can access all four oracles Execute, Initiate, SendTag and SendReader.
Destructive adversaries are not allowed to interact with tag T after calling
CorruptTag(T ). This class of adversaries is similar to the destructive ad-
versary defined in [59].
Each type of adversary can have, in addition to its original capability, one or
more of the following corruption capabilities. Whereas models typically have one
general corruption oracle, the proposed model uses multiple corruption oracles.
Although each oracle can be assessed individually, they are grouped by their level
of sophistication when performed in the real world. The number of groups that
can be accessed by an adversary is determined by its class. The two groups are
as follows:
Level 1 Corruption (C1) are those who have access to the oracles CorruptTag
and Sync. They represent adversaries knowledgeable in the area of RFID
technology, in particular the internal workings of an RFID tag. The adver-
sary is capable of extracting secrets stored in a tag, and is also capable of
observing if secrets are synchronized.
Level 2 Corruption (C2) are those who have access to oracles CorruptMemory
and CorruptReader. They represent adversaries with a different skill-set
from C1, where specific knowledge of RFID might not be required but who are
capable of compromising different aspects of the system. Arguably, the
two abilities in this group require much more sophisticated equipment or
expertise when performed in the real world.
Similar to the adversaries presented by Vaudenay, the adversaries of this model
can be either NARROW or WIDE.
Narrow adversaries are not allowed to access the oracle Result to determine
whether a protocol session was successful or not. A narrow adversary corre-
sponds to a real-life attacker who may be unable to interact with protocol
parties to observe the outcome of the protocol (e.g. whether a door opens).
Wide adversaries are allowed to access the oracle Result to determine
whether a protocol session was successful or not, representing attackers
which are close to the tag and the reader it interacts with.
Note that not all types of adversaries are exclusive of each other. Thus, for
example, we consider adversaries that are passive and C1, passive and C2, and so
on. A noteworthy distinction with respect to previous models is that corruption
powers are considered to be independent powers that can be possessed by any
adversary type rather than abilities of strictly more powerful adversaries. A
summary of the types of adversaries is given in table 4.1.
A comparison of all adversaries in the order of their abilities is shown in table
4.2. For simplicity, the table does not compare between NARROW and WIDE
adversaries. Nevertheless, WIDE adversaries are strictly stronger than NARROW
adversaries of the same class.
Passive     Active       Corrupt 1     Corrupt 2
Execute     Execute      CorruptTag    CorruptMemory
            Initiate     Sync          CorruptReader
            SendTag
            SendReader

Narrow      Wide         Destructive
No Result   Result       No interaction with T after CorruptTag(T)
Table 4.1: Adversary classes
Another comparison is shown in table 4.3. The table aims to associate the
adversaries in this model to that of Vaudenay’s model. Similar to previous com-
parisons, NARROW and WIDE adversaries are omitted for simplicity. The Strong
adversary in the Vaudenay model, when proposed, was stated by Vaudenay to
be unachievable, thus the comparison is strictly on the basis of adversary power.
Active+C1+C2        ⇒  Active+C2 / Active+C1            ⇒  Active
      ⇓                   ⇓           ⇓                      ⇓
Destructive+C1+C2   ⇒  Destructive+C2 / Destructive+C1  ⇒
      ⇓                   ⇓           ⇓                      ⇓
Passive+C1+C2       ⇒  Passive+C2 / Passive+C1          ⇒  Passive
Table 4.2: Relationship between Adversary Classes
Passive   ⇐  Active    ⇐  Destructive+C1        Active+C1
  ⇕            ⇕              ⇓                    ⇓
Weak      ⇐  Forward   ⇐  Destructive       ⇐   Strong
Table 4.3: Comparison of our adversaries (above) with Vaudenay’s adversaries (below)
4.2.4 Privacy definitions
Privacy notions are defined based on two games played between the adversary
A and a challenger C. The first game applies to stateless protocols, whereas the
second one applies to stateful ones.
Stateless Game:
Phase 1
• Tags T1, T2, . . . , Tn and reader R are simulated by C.
• A interacts with C via oracle queries.
• A selects two tags Ti, Tj.
• C selects c ∈ {0, 1}.
• Ti and Tj are reassigned as Ta and Tb respectively if c = 0, else Ti and Tj
are reassigned as Tb and Ta. Previous sessions of Ta and Tb are removed.
Phase 2
• A interacts with C through all oracles except for Sync, CorruptTag, and
CorruptMemory on Ta and Tb.
• A stops interacting with C and outputs c′.
• A wins if c′ = c.
Stateful Game:
In the Stateful privacy game, an extra oracle, BlindExecute, is introduced and
used by C at the start of Phase 2.
• BlindExecute(T )
A protocol session is executed between tag T and reader R with no output.
This oracle models situations where a tag communicates with the reader
in the absence of an adversary. The execution of the oracle is the same as
Execute only with no output.
In schemes where either or both parties store a previous secret for re-
synchronization purposes, BlindExecute might be required to be called
more than once for a scheme to remain private. As may be observed, some
protocols require the oracle to be called twice, once for the update of the
tag and the second for the update of previously stored database secrets.
However, this additional requirement can potentially reduce the privacy
provided by the scheme. Hence the need for the weaker notion Stateful*
Private, where * denotes the minimum number of times BlindExecute is
required to be called, for schemes where the oracle is required to be called more than
twice.
Phase 1 Same as in stateless game.
Phase 2
• BlindExecute(Ta), BlindExecute(Tb).
• A interacts with C through all oracles.
• A stops interacting with C and outputs c′.
• A wins if c′ = c.
Definition 4.2.3 (Stateful* Privacy). A game is said to be Stateful* Private if
during Phase 2 BlindExecute is required to be called more than once.
Definition 4.2.4 (Strong/Weak Game). A game is said to be Strong if during
Phase 1 the oracles CorruptTag(Ti/Tj) and/or CorruptMemory(Ti/Tj) may be
called for either one or both of the challenge tags Ti and Tj. A game that is not
Strong is a Weak game.
Since the Strong game requires the use of corruption oracles, the notion is
not applicable for Active and Passive adversaries. Because Strong privacy implies
Weak privacy, it is assumed that a game is Strong unless otherwise specified.
Definition 4.2.5 (Privacy). A scheme is said to be A-G Private if any adversary
of class A ∈ {Wide, Narrow} × {Passive, Active, Destructive} × {φ, C1, C2, C1+C2}
playing privacy game G ∈ {Weak, Strong} × {Stateless, Stateful} has a
winning probability of 1/2 + ε, where ε (the advantage) is negligible.
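As an added illustration (not code from the thesis), the Python simulation below instantiates the stateless game for the SK-based protocol analysed in section 4.4 (reader nonce NR, tag nonce NT, tag reply H(K‖NR‖NT)), with H instantiated as HMAC-SHA256 and only the oracles the game needs, Execute, CorruptTag and Sync, in a simplified form (assumptions). A key-matching Active+C1 adversary wins every Strong game, because corrupting the challenge tags in Phase 1 reveals their fixed K, but only about half of the Weak games, which is why the protocol can be Weak but not Strong private in this model.

```python
import hashlib
import hmac
import os
import random

ALPHA = 16  # nonce length in bytes (assumed instantiation of the alpha-bit nonces)


def H(key: bytes, *parts: bytes) -> bytes:
    """H(K || NR || NT), instantiated as HMAC-SHA256 (assumed PRF instantiation)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class SKSystem:
    """RFID system running the SK-based protocol, exposing the model's oracles.

    SetupTag gives every tag a fixed long-term secret K; the protocol is
    stateless, so the updatable state S is empty. Session identifiers are
    omitted from Execute for brevity (a simplification of the model)."""

    def __init__(self, n_tags: int):
        self.K = {f"T{i}": os.urandom(32) for i in range(1, n_tags + 1)}

    def Execute(self, T: str):
        """Eavesdropped complete run: the transcript (NR, mT, NT) and its Result."""
        nr = os.urandom(ALPHA)                 # NR chosen by the reader
        nt = os.urandom(ALPHA)                 # NT chosen by the tag
        mt = H(self.K[T], nr, nt)              # H(K || NR || NT)
        result = "completed" if self._reader_accepts(nr, mt, nt) else "failed"
        return (nr, mt, nt), result

    def _reader_accepts(self, nr, mt, nt) -> bool:
        # The reader matches the reply against every K in its database.
        return any(hmac.compare_digest(mt, H(k, nr, nt)) for k in self.K.values())

    def CorruptTag(self, T: str):
        return self.K[T], None                 # (K, S) with S empty

    def Sync(self, T: str) -> str:
        return "Y"                             # stateless: always in sync


class KeyMatchingAdversary:
    """Active+C1 adversary: corrupts what the game allows in Phase 1, then in
    Phase 2 Executes Ta and tests the transcript against the keys it holds."""

    def __init__(self, rng: random.Random):
        self.rng = rng
        self.known = {}                        # tag id -> K learned via CorruptTag

    def phase1(self, system: SKSystem, strong: bool):
        Ti, Tj = "T1", "T2"                    # A selects the challenge tags
        self.known["T3"] = system.CorruptTag("T3")[0]  # non-challenge tag: always allowed
        if strong:                             # challenge tags may be corrupted
            for T in (Ti, Tj):
                self.known[T] = system.CorruptTag(T)[0]
        return Ti, Tj

    def phase2(self, system: SKSystem, Ta: str, Ti: str) -> int:
        (nr, mt, nt), _ = system.Execute(Ta)   # CorruptTag(Ta) is forbidden here
        for T, k in self.known.items():
            if hmac.compare_digest(mt, H(k, nr, nt)):
                return 0 if T == Ti else 1     # Ta identified as Ti (c = 0) or Tj (c = 1)
        return self.rng.randrange(2)           # no key matched: coin flip


def stateless_game(system, adversary, strong: bool, rng: random.Random) -> bool:
    """One run of the Stateless Game; True if A outputs c' = c."""
    Ti, Tj = adversary.phase1(system, strong)
    c = rng.randrange(2)                       # C selects c
    Ta, Tb = (Ti, Tj) if c == 0 else (Tj, Ti)
    return adversary.phase2(system, Ta, Ti) == c


def win_rate(strong: bool, trials: int = 200, seed: int = 1) -> float:
    rng = random.Random(seed)
    wins = sum(stateless_game(SKSystem(3), KeyMatchingAdversary(rng), strong, rng)
               for _ in range(trials))
    return wins / trials


if __name__ == "__main__":
    print("Strong game win rate:", win_rate(True))   # 1.0: not Strong private
    print("Weak game win rate:  ", win_rate(False))  # about 0.5: no advantage
```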
4.3 General Comparison with Previous Models
A description and a comparison of previous models can be found in chapter 3.
For the purpose of simplicity, this section will focus its comparison only with
the most similar models: Avoine [5], Juels-Weis [33], Vaudenay [59], Canard et
al. (CCEG) [15] and Hermans et al.(HPVP) [28]. The presented models are
firstly examined to determine if they are restricted to analyzing specific types
of protocols. This is particularly important as it determines the diversity of
protocols that can be analyzed by a model. The proposed model and the models of
Vaudenay and CCEG are able to analyze any protocol, whereas
Avoine’s model can only analyze 3-pass protocols and Hermans et al.’s model is
not able to analyze tag-initiated protocols.
4.3.1 Creating Fake Tags
Other interesting properties are the ability for models to create fake tags and
if the database was complete from the start. Although discussed separately by
Coisel et al., the two properties can be considered to be interrelated, since ‘fake’
tags can be created as either legitimate or illegitimate. A tag is considered to
be legitimate if its information is present in the database and it can potentially be
successfully authenticated; otherwise a tag is illegitimate. Aside from HPVP,
only Vaudenay’s model allows for an adversary to create both legitimate and
illegitimate tags. This should, however, not be considered as a shortcoming of
the proposed model. Illegitimate tags can be simulated by the adversary by
simply starting a session with the reader using a non-genuine identity¹. Adding
legitimate tags can be achieved in two ways: a new tag is added where the
adversary knows the secret, or a tag where the adversary does not know the
secret. However, the same effect can be achieved by the adversary corrupting a
tag.
¹ For example, running a protocol session with a fake secret or state.
4.3.2 Challenge Tags
In Coisel et al., three properties regarding the handling of challenge tags were
specified: the ability to play with all tags, the choice of challenge tags and the
ability for an adversary to reveal the secrets of specific tags.
Interact with all Tags
If a model does not allow an adversary to interact with all tags, it could be
considered a limitation. This property is particularly important when analyzing
protocols that make use of correlated secrets, as it does not allow the adversary
to fully exploit the secret key structure. The model by Avoine only allows
the adversary to access 2 tags. All other models included in the comparison,
including the presented model, do not limit the adversary’s ability to play with
all tags.
Choose and Corrupt Challenge Tags
The abilities for an adversary to choose and corrupt challenge tags are related
to the notion of forward secrecy. The abilities determine whether the adversary
can distinguish tags when its long term or ephemeral secrets are revealed.
Avoine’s is the only model that does not allow the adversary to do this. In other
models by Vaudenay, Canard et al. and Hermans et al., this ability is only lim-
ited by the class of adversary. For example, when assuming a STRONG adversary
the adversary is assumed to corrupt any tag, including challenge tags, whereas
it is not possible to corrupt any tag when the adversary is WEAK.
In comparison with previous models, the model presented here allows greater
flexibility in adversary abilities. The introduction of the Weak game and the Strong game
gives the adversary the ability to corrupt all tags except the challenge
tags. For instance, during a typical (Strong) game with an Active+C1 adversary,
similar to previous models, the adversary is able to corrupt all tags including the
challenge tags. However, when playing a Weak game with the same adversary,
the adversary is able to corrupt any tag except the two challenge tags. The
extra set of privacy notions is particularly critical for protocols such as tree-based
protocols, where keys can be related, allowing a finer separation of results.
4.3.3 NARROW/WIDE Adversaries
Another property in relation to adversary powers is the notion of NARROW and
WIDE adversary. WIDE adversaries can ask for the result of a protocol session whereas
a NARROW adversary cannot. The two types of adversaries were first introduced
in the model by Vaudenay and subsequently used by Canard et al. and Hermans
et al. Thus the adversaries are not present in the earlier models by Avoine [5]
and Juels-Weis [33]. The notions allowed weaker protocols to achieve reasonable
levels of privacy which would otherwise not be possible. The presented model
not only considers both types of adversaries but also introduces weaker notions
of privacy allowing an even finer distinction between both weaker and stronger
protocols as shown in the following section.
4.4 Comparison of Analyzing Previous Protocols
Of particular concern was the conclusion of Coisel et al. [19], as discussed in
chapter 3, that none of the models was able to distinctively identify the privacy
differences between the protocols. The difference between tree-based and SK-
protocols was shown to be the most difficult to distinguish. Thus this section
uses the same five protocols as a baseline for comparison with other models and
shows that the proposed model can distinguish between all five. Proofs of the
protocols are shown in the following section. A summary of the results can
be found in table 4.4 and table 4.5, and the results of the proposed model are
presented in table 4.6.
Of the five protocols discussed in this section, four use a random
function, denoted as H or G, as a core building block. Although in practice
the protocols would be implemented with hash functions or message authentication
codes, the designers do not specify any concrete algorithm. An approach
to model these functions is the use of a random oracle, where the function is
treated as a black-box with random outputs for each unique input. However,
it has been debated that since no concrete hash function can act as a random
oracle, proofs using the oracle can be impractical. Thus, the proofs in this sec-
tion will not model these functions using the random oracle but instead as a
pseudorandom function. Details of the pseudorandom function properties can
be found in appendix A.1.
Model        Avoine        Juels-Weis        Vaudenay
SK-based     Ext-UNT-RTE   (r,s,t)           WEAK
OSK-based    Ext-UNT-RTE   NotPrivate        NARROW-DESTRUCTIVE
O-FRAP       Ext-UNT-RTE   (r,s,t)           WEAK
Tree-based   Ext-UNT-RTE   NotPrivate        WEAK
PK-based     Ext-UNT-RTE   Forward (r,s,t)   NARROW-STRONG
Table 4.4: Privacy Results of Previous Models - 1
Model        CCEG                    HPVP
SK-based     Untraceability          WEAK
OSK-based    NotPrivate              NARROW-DESTRUCTIVE
O-FRAP       Untraceability          WEAK
Tree-based   Untraceability          WEAK
PK-based     Future-Untraceability   NARROW-STRONG
Table 4.5: Privacy Results of Previous Models - 2
Protocol       Results
SK-Protocol    Weak Active+C1 Stateless
OSK Protocol   Weak Active+C1 Stateful (Weak Passive+C1 Stateful)
O-FRAP         Destructive+C1+C2 Stateful(2) Private
Tree-Based     Active Stateless
PK-Based       Active+C1 Stateless
Table 4.6: Privacy Results of Proposed Models
SK-Based Protocol
Reader                                   Tag
K                                        K
NR ∈R {0,1}^α        ──── NR ────>       NT ∈R {0,1}^α
                     <── H(K‖NR‖NT), NT ──
Table 4.7: SK-Based Protocol
Theorem 4.4.1. The SK-based protocol² shown in Figure 4.7 is Weak Active+C1 Stateless Private.
² See chapter 3.4.1 for a more detailed description of the protocol.
Proof:
The proof is given by the ability of the PRF adversary, APRF, to build a distinguisher that can win the PRF game, shown in appendix A.1, with non-negligible probability. This is done by using the privacy game adversary, AGame, which can win the privacy game with non-negligible probability.
The output of C will be used as the output of the PRF inside the privacy game. The construction of the distinguisher is as follows:
• APRF interacts with AGame in place of the challenger CGame.
• SetupReader(rpd) is executed, followed by the execution of SetupTag(T) p unique³ times, where p ≥ 2. For each unique SetupTag(T), APRF generates and assigns values of K arbitrarily.
• Initiate(T) is simulated by APRF checking the session tables of both R and T. New unique values, πR and πT, are created and inserted respectively. πR and πT are returned to AGame.
• Execute(T) is simulated by first generating two random nonces RRi, RTi and retrieving the K corresponding to the called T. Message x is then created, where x = K‖RRi‖RTi. x is in turn given to C, which returns message y. πR and πT are generated as in Initiate(T). Lastly, (πR, πT, [RRi, RTi, y], Y) is returned.
³ The uniqueness refers to the values of T.
• SendTag(πT, T, m) is simulated according to the circumstances. To begin, if identifier T exists the corresponding K is retrieved; otherwise φ is returned to signal a non-existent tag. If a well-formed message m is received, i.e. a value of length α, RTi is generated at random and K‖m‖RTi is given to C. The output y and RTi are returned. If message m is not well formed, φ is returned.
• SendReader(πR, T, m) is simulated by verifying that session πR exists and that it is associated with T. If the session exists, the corresponding RRi and K are retrieved; if RRi does not exist, φ is returned. APRF uses C to validate that message m is correctly formed, i.e. that m = y, mi where y is the output of C on input K‖RRi‖mi. If m is not well formed, φ is returned.
• CorruptTag(T) is simulated by first verifying that T exists. If T exists, the value K corresponding to T is returned. If T does not exist, φ is returned.
• Sync is simulated by verifying that T exists. If T exists, Y is returned. If T does not exist, φ is returned.
• At the end of Phase 1 AGame selects two tags Ti, Tj, both of which have
not been corrupted. APRF selects c, where c ∈{0,1}. If c = 0, Ti = Ta, Tj
= Tb, else Ti = Tb, Tj = Ta.
• The game continues on to Phase 2 with the operations of APRF functioning
as described for Phase 1.
• At the end of Phase 2, AGame outputs c′.
APRF then ends the game with C by outputting b′, where b′ = 0 if c′ = c and b′ = 1 otherwise. Note that APRF wins the PRF game when b = b′. Thus when b = 0, where C uses the PRF, AGame outputs c′ = c with non-negligible probability. However, when b = 1, C only replies with random messages, so it is not possible for AGame to gain any advantage. Thus

\begin{align}
\Pr(A \text{ wins}) &= \Pr(b = b') \\
&= \Pr(b' = 0 \mid b = 0)\cdot\tfrac{1}{2} + \Pr(b' = 1 \mid b = 1)\cdot\tfrac{1}{2} \\
&= \Pr(c' = c \mid b = 0)\cdot\tfrac{1}{2} + \Pr(c' \neq c \mid b = 1)\cdot\tfrac{1}{2} \\
&= \left(\tfrac{1}{2} + \varepsilon\right)\cdot\tfrac{1}{2} + \tfrac{1}{4} \\
&= \tfrac{1}{2} + \tfrac{\varepsilon}{2} \tag{4.1}
\end{align}

Therefore, if ε is non-negligible, ε/2 is also non-negligible. This concludes the proof.
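The SK-based exchange of Table 4.7, as an added Python example that is not part of the thesis: the reader sends NR, the tag answers (H(K‖NR‖NT), NT), and the reader identifies the tag by trying every stored K. H is instantiated with HMAC-SHA256 and the nonce length with 16 bytes, both assumptions of this example; the last helper shows why a never-changing K limits the protocol to Weak privacy.

```python
import hashlib
import hmac
import secrets

# Constructed parameter: the alpha-bit nonces of the figure are 128 bits (16 bytes) here.
ALPHA_BYTES = 16


def prf(key: bytes, nr: bytes, nt: bytes) -> bytes:
    """H(K || NR || NT). The thesis leaves H abstract (a PRF); HMAC-SHA256 stands in."""
    return hmac.new(key, nr + nt, hashlib.sha256).digest()


class Tag:
    """A stateless tag: it holds only its long-term secret K, which never changes."""

    def __init__(self, key: bytes) -> None:
        self.key = key

    def respond(self, nr: bytes):
        # A malformed reader message (wrong length) gets no answer, the proof's phi.
        if len(nr) != ALPHA_BYTES:
            return None
        nt = secrets.token_bytes(ALPHA_BYTES)
        return prf(self.key, nr, nt), nt


class Reader:
    """The reader and its back-end table of tag secrets."""

    def __init__(self) -> None:
        self.keys = {}  # tag identifier -> K

    def register(self, tag_id: str, key: bytes) -> None:
        self.keys[tag_id] = key

    def challenge(self) -> bytes:
        return secrets.token_bytes(ALPHA_BYTES)

    def identify(self, nr: bytes, y: bytes, nt: bytes):
        """Return the identifier whose key explains (y, NT) under this NR, or None.

        Nothing in the reply says which tag answered, so every key is tried:
        O(n) PRF evaluations per session, the cost tree-based protocols reduce.
        """
        if len(y) != hashlib.sha256().digest_size or len(nt) != ALPHA_BYTES:
            return None  # not well formed
        for tag_id, key in self.keys.items():
            if hmac.compare_digest(prf(key, nr, nt), y):
                return tag_id
        return None


def run_session(reader: Reader, tag: Tag):
    """One complete run; returns the identifier the reader accepts, or None."""
    nr = reader.challenge()
    reply = tag.respond(nr)
    if reply is None:
        return None
    y, nt = reply
    return reader.identify(nr, y, nt)


def replay_is_rejected(reader: Reader, tag: Tag) -> bool:
    """A reply captured under one NR must not verify under a fresh NR."""
    nr_old = reader.challenge()
    y, nt = tag.respond(nr_old)
    nr_new = reader.challenge()
    return reader.identify(nr_new, y, nt) is None


def transcript_links_to_key(key: bytes, nr: bytes, y: bytes, nt: bytes) -> bool:
    """Why the protocol is only Weak private: a party that learns K (CorruptTag)
    can recognise every past and future transcript of that tag, because K is
    never refreshed. The privacy game therefore excludes corrupted tags from the
    challenge pair."""
    return hmac.compare_digest(prf(key, nr, nt), y)
```

The linear scan in identify is the price of sending no identifier at all: the reply is indistinguishable from random to anyone without the key, which is exactly what the PRF reduction above relies on.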
OSK Protocol
Theorem 4.4.2. The OSK protocol⁴ [48] shown in figure 3.2 is Weak Active+C1 Stateful Private if the number of consecutive failed sessions at a tag is less than δ. Otherwise the protocol is Weak Passive+C1 Stateful Private.
Proof:
Evidently the scheme cannot be Strong private, since obtaining S at any point in time allows the adversary to compute all subsequent updates of S through G. However, the reverse is not true.
Assuming that the secrets S are chosen uniformly at random, the scheme can achieve Weak privacy. The proof is identical to that of the SK-based protocol but with an extra one-way function G. For the definition of a one-way function see appendix A.2.
The proof is given by the ability of the PRF adversary, APRF, to build a distinguisher that can win the PRF game, shown in appendix A.1, with non-negligible probability. This is done by using the privacy game adversary, AGame, which can win the privacy game with non-negligible probability. In this particular case, the underlying PRF is the function H of the protocol. A one-way function is used to simulate the function G.
The adversary APRF uses C as the PRF. APRF starts a PRF game with C. The one-way function G is simulated by APRF as follows: on input a value xi ∈ {0,1}^β, a unique random value yi ∈ {0,1}^δ is generated and returned. The values xi and yi are then stored in a table. All values of x and y are unique within the table. If a previous xj is used as input, the previously assigned yj is returned.
⁴ See chapter 3.4.1 for a more detailed description of the protocol.
The distinguisher would be built as follows:
• APRF interacts with AGame in place of the challenger CGame
• SetupReader(rpd) is executed, followed by the execution of SetupTag(T) p unique⁵ times, where p ≥ 2. For each unique SetupTag(T), APRF generates and assigns values of S arbitrarily. Since this is a stateful protocol, S has to be replicated twice, once by the reader and once by the tag, both of which are simulated by APRF. For the purpose of this proof, S denotes the value stored in the tag and S′ the value stored by the reader.
• Initiate(T) is simulated by APRF checking the session tables of both R and T. New unique values, πR and πT, are created and inserted respectively. πR and πT are returned to AGame.
• Execute(T) is simulated by first generating a random nonce RRi and retrieving S and S′ corresponding to the called T. If S ≠ S′, S is input to G and replaced by the output until S = S′. Message x is then created, where x = S‖RRi. x is in turn given to C, which returns y. πR and πT are generated as in Initiate(T). S is passed through G once more, updating the state of the tag. Lastly, (πR, πT, [RRi, y], Y) is returned.
• SendTag(πT, T, m) is simulated according to the circumstances. To begin, if identifier T exists the corresponding S and S′ are retrieved; otherwise φ is returned to signal a non-existent tag. If a well-formed message m is received, i.e. a value of length α, S‖m is given to C and the output y is returned. If message m is not well formed, φ is returned. S is passed through G, updating the state of the tag.
• SendReader(πR, T, m) is simulated by verifying that session πR exists and that it is associated with T. If the session exists, the corresponding RRi, S and S′ are retrieved; if RRi does not exist, φ is returned. If S ≠ S′, S′ is input to G and replaced by the output until S = S′. APRF uses C to validate that message m is correctly formed, i.e. that m = y, mi where y is the output of C on input S′‖RRi‖mi. If m is not well formed, φ is returned.
⁵ The uniqueness refers to the values of T.
• CorruptTag(T): the value S corresponding to T is returned. If T does not exist, φ is returned.
• Sync: if S = S′, Y is returned, else N is returned.
• At the end of Phase 1 AGame selects two tags Ti, Tj, both of which have not been corrupted. APRF selects c, where c ∈ {0,1}. If c = 0, Ti = Ta, Tj = Tb; else Ti = Tb, Tj = Ta.
• BlindExecute is performed on both Ta and Tb. The operations are identical to those of Execute, except that nothing is output to AGame. For this protocol, BlindExecute only has to be performed once.
• The game continues on to Phase 2 with the operations of APRF functioning
as described for Phase 1.
• At the end of Phase 2, AGame outputs c′.
APRF then ends the game with C by outputting b′, where b′ = 0 if c′ = c and b′ = 1 otherwise. Note that APRF wins the PRF game when b = b′. Thus when b = 0, where C uses the PRF, AGame outputs c′ = c with non-negligible probability. However, when b = 1, C only replies with random messages, so it is not possible for AGame to gain any advantage. Thus

\begin{align}
\Pr(A \text{ wins}) &= \Pr(b = b') \\
&= \Pr(b' = 0 \mid b = 0)\cdot\tfrac{1}{2} + \Pr(b' = 1 \mid b = 1)\cdot\tfrac{1}{2} \\
&= \Pr(c' = c \mid b = 0)\cdot\tfrac{1}{2} + \Pr(c' \neq c \mid b = 1)\cdot\tfrac{1}{2} \\
&= \left(\tfrac{1}{2} + \varepsilon\right)\cdot\tfrac{1}{2} + \tfrac{1}{4} \\
&= \tfrac{1}{2} + \tfrac{\varepsilon}{2} \tag{4.2}
\end{align}

Therefore, if ε is non-negligible, ε/2 is also non-negligible. This concludes the proof.
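The two privacy levels of Theorem 4.4.2 hinge on how far the tag's state may run ahead of the reader's copy. The following is an added Python example (not the thesis's or the OSK authors' code) of that chain walk: the tag answers H(S‖NR) and then sets S = G(S) whether or not the reader ever processes the answer, and the reader tries S′, G(S′), ..., G^(δ−1)(S′) before giving up. HMAC-SHA256 for H, SHA-256 for G, the nonce size and the response format S‖NR are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ALPHA_BYTES = 16  # constructed: reader nonce length


def g(state: bytes) -> bytes:
    """One-way state update G; SHA-256 stands in (the thesis leaves G abstract)."""
    return hashlib.sha256(b"G" + state).digest()


def h(state: bytes, nr: bytes) -> bytes:
    """Response PRF on S || NR; HMAC-SHA256 stands in for H."""
    return hmac.new(state, nr, hashlib.sha256).digest()


class OskTag:
    def __init__(self, state: bytes) -> None:
        self.state = state

    def respond(self, nr: bytes) -> bytes:
        # Answer with the current state, then advance it. The tag cannot tell a
        # failed session from a successful one, so it advances either way.
        y = h(self.state, nr)
        self.state = g(self.state)
        return y


class OskReader:
    """Back-end holding S' per tag and tolerating fewer than delta missed updates."""

    def __init__(self, delta: int) -> None:
        self.delta = delta
        self.states = {}  # tag identifier -> S' (reader's copy of the tag state)

    def register(self, tag_id: str, state: bytes) -> None:
        self.states[tag_id] = state

    def challenge(self) -> bytes:
        return secrets.token_bytes(ALPHA_BYTES)

    def identify(self, nr: bytes, y: bytes):
        """Walk the chain S', G(S'), ..., G^(delta-1)(S') for every tag.

        On a match the identifier is returned and S' is re-synchronised to the
        state the tag now holds; None means the tag has drifted delta or more
        steps ahead and the reader can no longer recognise it.
        """
        for tag_id, s in self.states.items():
            candidate = s
            for _ in range(self.delta):
                if hmac.compare_digest(h(candidate, nr), y):
                    self.states[tag_id] = g(candidate)  # the tag already advanced once
                    return tag_id
                candidate = g(candidate)
        return None


def session_after_failures(failed: int, delta: int, seed: bytes = b"\x07" * 32):
    """Let the tag answer `failed` queries the reader never processes (the
    SendTag calls of an active adversary), then run one real session.
    Returns (identifier or None, whether reader and tag are in sync afterwards)."""
    tag = OskTag(seed)
    reader = OskReader(delta)
    reader.register("tag-1", seed)
    for _ in range(failed):
        tag.respond(secrets.token_bytes(ALPHA_BYTES))  # reply is discarded
    nr = reader.challenge()
    result = reader.identify(nr, tag.respond(nr))
    return result, reader.states["tag-1"] == tag.state
```

With δ = 5 the reader recovers from up to four unanswered queries, which is the Active+C1 case of the theorem; at the fifth the chain walk runs out and the tag is permanently unrecognised, which is why without a bound on failed sessions only a Passive adversary (one that cannot query the tag on its own) can be tolerated.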
O-FRAP
Reader                                   Tag
(ID−1, K−1, S−1), (ID, K, S)             ID, K, S
NR ∈R {0,1}^α
              ---- NR ---->
                                         v = F(K, NR, S)
                                         v = v1‖v2‖v3‖v4
              <--- S, v2 ----
                                         S = v1
Computes v′3
              ---- v′3 ---->
                                         If v′3 = v3, K = v4
Figure 4.1: O-FRAP Protocol
Theorem 4.4.3. The O-FRAP protocol⁶ shown in figure 4.1 is Destructive+C1+C2 Stateful(2) Private.
Proof:
The protocol functions very similarly to the SK protocol, and its privacy properties are also very similar. The most comparable privacy level it can achieve is WEAK Stateful+C1 private. However, unlike in the OSK protocol, the update of the tag does not depend merely on the previous secret, therefore the protocol can achieve Destructive+C1+C2 Stateful(2) privacy. On the other hand, the protocol cannot achieve Stateful+C1 privacy, since it is possible for the adversary to impersonate a party and disrupt the other party beyond resynchronization.
The proof is given by the ability of the PRF adversary, APRF, to build a distinguisher that can win the PRF game, shown in appendix A.1, with non-negligible probability. This is done by using the privacy game adversary, AGame, which can win the privacy game with non-negligible probability.
The output of C will be used as the output of the PRF inside the privacy game. The construction of the distinguisher is as follows:
• APRF interacts with AGame in place of the challenger CGame.
• SetupReader(rpd) is executed, followed by the execution of SetupTag(T) p unique⁷ times, where p ≥ 2. For each unique SetupTag(T), APRF generates and assigns values of K arbitrarily.
⁶ See chapter 3.4.1 for a more detailed description of the protocol.
• Initiate(T) is simulated by APRF checking the session tables of both R and T. New unique values, πR and πT, are created and inserted respectively. πR and πT are returned to AGame.
• Execute(T) is simulated by first generating a random nonce NRi and retrieving (K, S) at the tag and (K′−1, S′−1), (K′, S′) at the reader, corresponding to the called T. Message K‖NRi‖S is passed on to C, which returns w. w is split into four messages v1, v2, v3 and v4. (K′−1, S′−1) is updated to (K, S). Subsequently (K, S) and (K′, S′) are updated to (v1, v4). πR and πT are generated as in Initiate(T). Lastly, (πR, πT, [NRi, (S−1, v2), v3], Y) is returned.
• SendTag(πT, T, m) is simulated according to the circumstances. If identifier T exists, APRF determines whether m is the first or the last message of the protocol by reviewing previous actions; otherwise φ is returned to signal a non-existent tag. If m is the initial message, the corresponding (K, S) is retrieved. A random nonce NRi is generated. Message K‖NRi‖S is passed on to C, which returns w. w is split into four messages v1, v2, v3 and v4. (S, v2) is returned to AGame. S is updated to the value of v1. If m is the final message of the protocol, m is compared to v3; if m = v3, then K is updated to v4 and Y is returned to AGame. If m ≠ v3, N is returned.
• SendReader(πR, T, (S, v2)) is simulated by verifying that session πR exists and that it is associated with T. If the session exists, the corresponding NRi, (K, S), (K′, S′) and (K′−1, S′−1) are retrieved; if NRi does not exist, φ is returned. Message K‖NRi‖S is passed on to C, which returns w. w is split into four messages v′1, v′2, v′3 and v′4. If v′2 = v2, K′−1 = S and K = v′4, and v′3 is returned to AGame. Otherwise, if v′2 ≠ v2, φ is returned.
• CorruptTag(T): the values (K, S) corresponding to T are returned. If T does not exist, φ is returned.
• Sync is simulated by verifying that T exists. If T exists, Y is returned. If T does not exist, φ is returned.
• CorruptReader: all values (K′, S′) and (K′′−1, S′′−1) are returned.
• Sync(T): the corresponding (K, S) and (K′, S′) are retrieved for T. If K = K′, Y is returned. Otherwise, N is returned.
⁷ The uniqueness refers to the values of T.
• At the end of Phase 1 AGame selects two tags Ti, Tj, both of which have
not been corrupted. APRF selects c, where c ∈{0,1}. If c = 0, Ti = Ta, Tj
= Tb, else Ti = Tb, Tj = Ta.
• BlindExecute is performed on both Ta and Tb. The operations are identical to those of Execute, except that nothing is output to AGame. For this protocol, BlindExecute has to be performed twice.
• The game continues on to Phase 2 with the operations of APRF functioning
as described for Phase 1.
• At the end of Phase 2, AGame outputs c′.
APRF then ends the game with C by outputting b′, where b′ = 0 if c′ = c and b′ = 1 otherwise. Note that APRF wins the PRF game when b = b′. Thus when b = 0, where C uses the PRF, AGame outputs c′ = c with non-negligible probability. However, when b = 1, C only replies with random messages, so it is not possible for AGame to gain any advantage. Thus

\begin{align}
\Pr(A \text{ wins}) &= \Pr(b = b') \\
&= \Pr(b' = 0 \mid b = 0)\cdot\tfrac{1}{2} + \Pr(b' = 1 \mid b = 1)\cdot\tfrac{1}{2} \\
&= \Pr(c' = c \mid b = 0)\cdot\tfrac{1}{2} + \Pr(c' \neq c \mid b = 1)\cdot\tfrac{1}{2} \\
&= \left(\tfrac{1}{2} + \varepsilon\right)\cdot\tfrac{1}{2} + \tfrac{1}{4} \\
&= \tfrac{1}{2} + \tfrac{\varepsilon}{2} \tag{4.3}
\end{align}

Therefore, if ε is non-negligible, ε/2 is also non-negligible. This concludes the proof.
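As an added Python example (not the thesis's or the O-FRAP authors' code) of the exchange in Figure 4.1 and of the Stateful(2) property: the tag updates S to v1 immediately but K to v4 only after checking v3, and the reader keeps the previous (K, S) tuple alongside the current one so that a session whose final message never arrived does not desynchronise the two. HMAC-SHA256 for F, the 8-byte pieces v1..v4, and the rule that the reader checks both stored keys against the presented pseudonym are assumptions of this example.

```python
import hashlib
import hmac
import secrets

ALPHA_BYTES = 16  # constructed: reader nonce length
PIECE = 8         # constructed: |v1| = |v2| = |v3| = |v4| = 8 bytes (one SHA-256 output in four)


def f(key: bytes, nr: bytes, s: bytes):
    """v = F(K, NR, S) = v1 || v2 || v3 || v4; HMAC-SHA256 stands in for the PRF F."""
    v = hmac.new(key, nr + s, hashlib.sha256).digest()
    return tuple(v[i * PIECE:(i + 1) * PIECE] for i in range(4))


class OfrapTag:
    """Holds (K, S): S is the pseudonym sent in clear, K the secret key."""

    def __init__(self, key: bytes, s: bytes) -> None:
        self.key, self.s = key, s
        self._pending = None  # (v3, v4) of the session awaiting the reader's v3

    def first(self, nr: bytes):
        v1, v2, v3, v4 = f(self.key, nr, self.s)
        out = (self.s, v2)
        self.s = v1               # S = v1: the pseudonym changes right away ...
        self._pending = (v3, v4)  # ... K only once the reader proves itself with v3
        return out

    def last(self, v3_prime: bytes) -> bool:
        if self._pending is None:
            return False
        v3, v4 = self._pending
        self._pending = None
        if hmac.compare_digest(v3, v3_prime):
            self.key = v4         # if v'3 = v3, K = v4
            return True
        return False


class OfrapReader:
    """Per tag the back-end keeps the current (K, S) and the previous (K-1, S-1)."""

    def __init__(self) -> None:
        self.db = {}  # tag identifier -> {"cur": (K, S), "prev": (K-1, S-1)}

    def register(self, tag_id: str, key: bytes, s: bytes) -> None:
        self.db[tag_id] = {"cur": (key, s), "prev": (key, s)}

    def challenge(self) -> bytes:
        return secrets.token_bytes(ALPHA_BYTES)

    def second(self, nr: bytes, s: bytes, v2: bytes):
        """Locate the tag by its pseudonym, check v2 under either stored key, update,
        and return (identifier, v3); (None, None) if nothing verifies.

        Assumption of this example: both stored keys are tried against the presented
        pseudonym, so a tag that moved S to v1 but never received v3 (and therefore
        still holds the old K) is recognised on its next attempt.
        """
        for tag_id, rec in self.db.items():
            if s not in (rec["cur"][1], rec["prev"][1]):
                continue
            for key in (rec["cur"][0], rec["prev"][0]):
                v1, v2_check, v3, v4 = f(key, nr, s)
                if hmac.compare_digest(v2_check, v2):
                    rec["prev"] = (key, s)   # what the tag may still hold if v3 is lost
                    rec["cur"] = (v4, v1)    # S = v1, K = v4 as in figure 4.1
                    return tag_id, v3
        return None, None


def run(reader: OfrapReader, tag: OfrapTag, deliver_v3: bool = True):
    """One session; with deliver_v3=False the reader's final message is dropped."""
    nr = reader.challenge()
    s, v2 = tag.first(nr)
    tag_id, v3 = reader.second(nr, s, v2)
    if tag_id is None:
        return None
    if deliver_v3:
        tag.last(v3)
    return tag_id


def in_sync(reader: OfrapReader, tag_id: str, tag: OfrapTag) -> bool:
    """True when the reader's current record equals what the tag holds."""
    return reader.db[tag_id]["cur"] == (tag.key, tag.s)
```

Because the reader remembers one previous tuple, two BlindExecute calls are needed before a corrupted copy of the database stops linking to the challenge tag, which is the "(2)" in Stateful(2).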
Reader                                   Tag
                                         k1, k2, k3, ..., k*
              ---- NR ---->
              <-- ki ⊕ fs(0‖NR‖NT), NT --
              -- Accept/Reject -->
              <-- ki ⊕ fs(1‖NR‖NT) --
              -- Accept/Reject -->
              ... repeat for all k
Figure 4.2: Tree-based Protocol
Tree-based Protocol
Theorem 4.4.4. The tree-based protocol⁸ is Active Stateless Private.
Proof:
The proof is similar to that of the SK-protocol described in section 4.7.2, except that in tree-based protocols the corruption of a large number of non-challenge tags allows the adversary to win the Weak Active+C1 Stateless privacy game with a non-negligible advantage. Thus the protocol can only achieve Active Stateless privacy. However, given a bound on the number of times CorruptTag can be called, Weak Active+C1 Stateless privacy can be achieved. This bound is investigated later in chapter 7.
The proof is given by the ability of the PRF adversary, APRF, to build a distinguisher that can win the PRF game, shown in appendix A.1, with non-negligible probability. This is done by using the privacy game adversary, AGame, which can win the privacy game with non-negligible probability.
The output of C will be used as the output of the PRF inside the privacy game. The construction of the distinguisher is as follows:
• APRF interacts with AGame in place of the challenger CGame
• SetupReader(rpd) is executed, followed by the execution of SetupTag(T) p unique⁹ times, where p ≥ 2. For each unique SetupTag(T), APRF generates and assigns values of K arbitrarily.
• Initiate(T) is simulated by APRF checking the session tables of both R and T. New unique values, πR and πT, are created and inserted respectively. πR and πT are returned to AGame.
⁸ See chapter 3.4.1 for a more detailed description of the protocol.
⁹ The uniqueness refers to the values of T.
• Execute(T) is simulated by first retrieving all keys K corresponding to the called T. A number of random nonce pairs RRi, RTi equal to the number of keys is generated. A message x is then created for each K, where x = K‖RRi‖RTi. Each x is in turn given to C, which returns the same number of values y. πR and πT are generated as in Initiate(T). Lastly, all (RRi, RTi) together with (πR, πT, y, Y) are returned.
• SendTag(πT, T, m) is simulated according to the circumstances. If identifier T exists, all corresponding keys K are retrieved; otherwise φ is returned to signal a non-existent tag. If a well-formed message m is received, i.e. a value of length α, APRF checks whether πT is the previous incomplete session; if so, the next K is retrieved, otherwise the first K is retrieved. RTi is generated at random and K‖m‖RTi is given to C. The output y and RTi are returned. If message m is not well formed, φ is returned.
• SendReader(πR, T, m) is simulated by verifying that session πR exists and that it is associated with T. If the session exists, the corresponding RRi and K are retrieved; if RRi does not exist, φ is returned. APRF uses C to validate that message m is correctly formed, i.e. that m = y, mi where y is the output of C on input K‖RRi‖mi. If m is not well formed, φ is returned.
• At the end of Phase 1 AGame selects two tags Ti, Tj, both of which have
not been corrupted. APRF selects c, where c ∈{0,1}. If c = 0, Ti = Ta, Tj
= Tb, else Ti = Tb, Tj = Ta.
• The game continues on to Phase 2 with the operations of APRF functioning
as described for Phase 1.
• At the end of Phase 2, AGame outputs c′.
APRF then ends the game with C by outputting b′, where b′ = 0 if c′ = c and b′ = 1 otherwise. Note that APRF wins the PRF game when b = b′. Thus when b = 0, where C uses the PRF, AGame outputs c′ = c with non-negligible probability. However, when b = 1, C only replies with random messages, so it is not possible for AGame to gain any advantage. Thus

\begin{align}
\Pr(A \text{ wins}) &= \Pr(b = b') \\
&= \Pr(b' = 0 \mid b = 0)\cdot\tfrac{1}{2} + \Pr(b' = 1 \mid b = 1)\cdot\tfrac{1}{2} \\
&= \Pr(c' = c \mid b = 0)\cdot\tfrac{1}{2} + \Pr(c' \neq c \mid b = 1)\cdot\tfrac{1}{2} \\
&= \left(\tfrac{1}{2} + \varepsilon\right)\cdot\tfrac{1}{2} + \tfrac{1}{4} \\
&= \tfrac{1}{2} + \tfrac{\varepsilon}{2} \tag{4.4}
\end{align}

Therefore, if ε is non-negligible, ε/2 is also non-negligible. This concludes the proof.
Public Key Protocol
Reader                                   Tag
rsk, K, IDT                              rpk, K, IDT
NR ∈R {0,1}^α
              ---- NR ---->
                                         mT = ENCrpk(NR‖IDT‖K)
              <---- mT -----
Figure 4.3: Vaudenay's Public Key Protocol
The protocol shown in figure 4.3¹⁰ is presented by Vaudenay in [59]. The protocol uses a public-key pair rsk and rpk. The reader starts the authentication session by generating a random nonce, NR, which is sent to initiate the session with the tag. The tag replies with a message mT: the concatenation of the received nonce NR, its identifier IDT and its shared secret K, encrypted under the public key of the reader rpk. After the reader receives mT, the message is decrypted using the private key of the reader and its contents are matched against the back-end database.
¹⁰ See chapter 3.4.1 for a more detailed description of the protocol.
Theorem 4.4.5. The scheme in Figure 4.3 is Active+C1 Stateless Private if (ENCrpk, DECrsk) is LOR-CCA secure (see appendix A.3).
Proof:
We show that using an adversary that can win the Stateless Active+C1 game with non-negligible advantage, it is possible to construct an adversary that can break LOR-CCA2. In the proof two games are played concurrently by three parties: the challenger C, the CCA adversary ACCA, and AGame, an adversary that can break the Stateless Active+C1 game with non-negligible advantage. A LOR-CCA2 game is played between C and ACCA, and a Stateless Active+C1 game is played between ACCA and AGame. The CCA experiment can be found in appendix A.3.
To begin the game, SetupReader(rpd) is executed, followed by the execution of SetupTag(T) p unique times, where p ≥ 2. The public key of the LOR-CCA2 game is used as the public key of the protocol (rpk). The simulation of the oracles by ACCA for AGame is as follows:
• Execute(T): if T exists, ACCA generates values πR, πT and NR. The corresponding IDT and K are retrieved, creating the message NR‖IDT‖K. Finally (πR, πT, (ENCrpk(NR‖IDT‖K), NR), Y) is returned.
• Initiate(T): ACCA generates values πR and πT. Both values are stored and returned to AGame.
• SendTag(πT, T, m): if πT exists and it is Active, ACCA retrieves IDT and KT for tag T and generates the message m‖IDT‖KT. ENCrpk(NR‖IDT‖K) is returned to AGame. Else, φ is returned.
• SendReader(πR, m): if πR exists and it is Active, ACCA forwards message m to C for decryption, returning NR‖IDT‖K. If IDT and K exist and correspond to T, then Y is returned. If πT exists but IDT and/or K do not correspond to T, or the message is not well formed, N is returned. Else φ is returned.
• CorruptTag(T): the values K and IDT corresponding to T are returned. If T does not exist, φ is returned.
• Sync: since the protocol cannot be desynchronized, Y is always returned.
ACCA and AGame play Phase 1 of the Stateless privacy game as specified. Eventually AGame selects challenge tags Ti and Tj. ACCA removes Ti and Tj from the system and they are reassigned as Ta and Tb¹¹.
During Phase 2, for every instance of Execute(Ta) or SendTag(Ta), ACCA passes messages (m0, m1) to C where m0 = NR‖IDTa‖K and m1 = NR‖IDTb‖K, and returns the response from C to AGame as described above. Similarly, for every instance of Execute(Tb) or SendTag(Tb), ACCA passes messages (m0, m1) to C where m0 = NR‖IDTb‖K and m1 = NR‖IDTa‖K.
Eventually AGame outputs c′, and ACCA outputs b′ = c′. Evidently, Pr[ACCA wins] = Pr[AGame wins]. Thus, given that AGame wins with non-negligible advantage, ACCA also wins with non-negligible advantage.
This concludes the proof.
4.5 Impossibility of Stateless Protocols to Achieve Strong-Stateful Privacy
One of the most interesting novelties of the model is the addition of the State-
ful privacy notions. Of most importance is the difference between this notion
and the more traditional Stateless privacy notion. The notions are intended
to complement each other to maximize the flexibility in capturing the privacy
differences between their respective protocols. One of the main reasons no one
notion is strictly stronger than the other is due to the result in this section.
This section describes an attack within any Strong-Stateful game that allows the adversary to trivially win, thus showing the impossibility for stateless protocols to achieve any notion of Strong Stateful privacy. The adversary A proceeds as follows:
• SetupReader(rpd)
• Tα ← SetupTag(Tα)
• Tβ ← SetupTag(Tβ)
• (Kα, Sα) ← CorruptTag(Tα)
• Ta, Tb ← Tα, Tβ
• (Ka, Sa) ← CorruptTag(Ta)
• if (Ka, Sa) = (Kα, Sα), b′ = 0, else b′ = 1
• output b′
¹¹ For simplicity it is assumed that ACCA always picks 0. Thus bGame = 0.
Evidently A wins with probability 1. The above attack assumes a C1 ad-
versary, however, a similar attack can be launched for a C2 adversary using
CorruptReader. In other words, since secrets of stateless protocols remain un-
changed throughout their lifetime, it is impossible for such tags to remain un-
traceable if an adversary has the ability to corrupt their secrets more than once.
This is true even in cases where the corruption of secrets does not enable the
adversary to impersonate the corrupted tag.
4.6 Minimalistic Generic Stateful Scheme Construction
The main purposes of this section are two-fold: To establish a privacy level
baseline for stateful protocols and to demonstrate the model’s consideration for
weaker protocols. The protocol shown in this section is a minimalistic generic
stateful scheme designed to exhibit the baseline level of privacy that can be
achieved by any stateful protocol. The scheme shown in figure 4.4 is arguably
the most simplified abstraction of a stateful protocol. The only operation that is
performed by the entire protocol is state update after each successful authentica-
tion session. It should also be noted that in this particular protocol the new state
S ′ is generated at random by the reader, thus it is not dependent on the previous
state S. If the states are not independent it would not be possible for this pro-
tocol to achieve any levels of Strong privacy. Interestingly, this scheme would
not be able to achieve any level of privacy in any previously mentioned models.
This section will show that this scheme is Stateful Passive+C1+C2 Private in
the proposed model.
Theorem 4.6.1. Scheme in Figure 4.4 is Stateful Passive+C1+C2 Private
Proof:
Reader                                   Tag
S                                        S
              ---- S? ---->
              <---- S -----
S′ ∈R {0,1}^α
              ---- S′ ---->
                                         S = S′
Figure 4.4: Generic Stateful Scheme Construction

To begin the proof, SetupReader(rpd) is executed, followed by the execution of SetupTag(T) p unique times, where p ≥ 2. For each unique SetupTag(T), C generates unique arbitrary values and assigns them to S.
• Execute(T) is simulated by C first verifying that T exists. If T exists, new unique values, πR and πT, are created and inserted into the session table. The corresponding S is retrieved, before a unique S′ ∈R {0,1} is generated. Message (πR, πT, [S, S′]) is returned. Finally the output is stored in the session tables of both parties. If T is not found, φ is returned.
• CorruptTag(T) always returns φ, as it is not used in this scheme.
• CorruptState(π, T) is simulated by C first verifying that T exists and that the corresponding π also exists. If both are found, the matching S is returned. Otherwise φ is returned.
• CorruptMemory(T) returns φ, as the operations performed do not require temporary memory for computation.
• CorruptReader is simulated by returning the table of all current tag identifiers T along with their corresponding states S.
• Sync(T) returns Y, as it is not possible for a Passive adversary to cause synchronization issues.
The adversary plays the (stateful) game with the challenger as specified and outputs b′. The adversary wins if b′ = b. Note that as S′ is not encrypted in any form, it can be assumed that the adversary does not even need to call CorruptState to know S. Evidently the privacy of the scheme relies on the relation between S and S′, namely Si and Si+1, where Si represents the state of Ti¹² just before BlindExecute(Ti) is called at the beginning of Phase 2. Thus it is possible to construct the following G^State_{A,C} game:
• Si and Si+1 are generated as per the protocol specification¹³
• A is given Si
• C selects b ∈R {0,1}
• If b = 0, m = Si+1, else m ∈R {0,1}^|Si+1|; m is given to A
• A outputs b′
• A wins if b′ = b
Since Si+1 is also generated at random, and C is honest,

$$\left|\Pr\left[G^{\mathrm{State}}_{A,C} : b' = b\right]\right| \le \tfrac{1}{2}.$$

¹² Using Tj in place of Ti would yield the same result.
The proof proceeds to show that given an adversary A that wins the Stateful Passive+C1+C2 privacy game with non-negligible advantage, it is possible to create an adversary A′ that wins the G^State_{A,C} game with non-negligible advantage. A is an adversary that, on input a pair of states (A, B) and (C, D), outputs 0 if C and D correspond to A and B respectively, else A outputs 1.
To play the G^State_{A,C} game, after A′ receives m, A′ generates values x1 and x2. A′ passes the pairs (Si, x1) and (m, x2) to A. At the end of the game A′ outputs the value b′ based on A's output. Therefore A′ wins with non-negligible advantage if A wins with non-negligible advantage. However, since

$$\left|\Pr[A' \text{ wins}]\right| \ge \left|\Pr[A \text{ wins}]\right| \quad\text{and}\quad \left|\Pr[A' \text{ wins}]\right| \ge \tfrac{1}{2} + \varepsilon,$$

hence $\left|\Pr[A \text{ wins}]\right| \ge \tfrac{1}{2} + \varepsilon$. This concludes the proof.
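The argument of section 4.5 and the baseline of section 4.6 side by side, as an added Python simulation that is not part of the thesis: the adversary corrupts Tα in Phase 1 and Ta in Phase 2 and compares the two secrets. Against a stateless tag the comparison decides b with probability 1; against the generic stateful scheme of Figure 4.4, where BlindExecute replaces S by a fresh random S′ before Phase 2, it is a coin toss. The 32-bit secrets and the round count are constructed for the simulation.

```python
import random

SECRET_BITS = 32  # constructed: secret/state size for the simulation


class StatelessTag:
    """Long-term secret K that never changes (as in the SK-based and public-key protocols)."""

    def __init__(self, rng: random.Random) -> None:
        self.secret = rng.getrandbits(SECRET_BITS)

    def execute(self, rng: random.Random) -> None:
        pass  # an honest session leaves the secret untouched

    def corrupt(self) -> int:
        return self.secret


class StatefulTag:
    """The generic stateful scheme of figure 4.4: every session replaces S by a fresh random S'."""

    def __init__(self, rng: random.Random) -> None:
        self.state = rng.getrandbits(SECRET_BITS)

    def execute(self, rng: random.Random) -> None:
        self.state = rng.getrandbits(SECRET_BITS)

    def corrupt(self) -> int:
        return self.state


def play_round(tag_cls, rng: random.Random, blind_execute: bool) -> bool:
    """One run of the game with the section 4.5 adversary: corrupt T_alpha, let the
    challenger relabel, corrupt T_a and compare. Returns True if b' = b."""
    t_alpha, t_beta = tag_cls(rng), tag_cls(rng)
    seen = t_alpha.corrupt()                   # Phase 1: (K_alpha, S_alpha) <- CorruptTag(T_alpha)
    b = rng.randrange(2)                       # the challenger's hidden bit
    t_a = t_alpha if b == 0 else t_beta        # T_a, T_b <- T_alpha, T_beta (or swapped)
    if blind_execute:                          # stateful game: BlindExecute before Phase 2
        t_a.execute(rng)
    guess = 0 if t_a.corrupt() == seen else 1  # Phase 2: CorruptTag(T_a) and compare
    return guess == b


def win_rate(tag_cls, blind_execute: bool, rounds: int = 2000, seed: int = 1) -> float:
    """Fraction of rounds the adversary wins; seeded so the result is reproducible."""
    rng = random.Random(seed)
    wins = sum(play_round(tag_cls, rng, blind_execute) for _ in range(rounds))
    return wins / rounds
```

Running win_rate(StatefulTag, blind_execute=False) also returns 1.0: without a state refresh between the two corruptions even the stateful scheme is trivially traceable, which is why the Stateful notions of the model insert BlindExecute at the start of Phase 2.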
4.7 Stateful Public-Key Protocol
The protocol shown in this section can be used to demonstrate the usefulness of the Stateless privacy notions. In Stateless scenarios the protocol behaves very similarly to the Public-Key protocol. However, due to the impossibility result presented in section 4.5, the Public-Key protocol cannot achieve strong levels of Stateless privacy. Thus the protocol presented in this section is modified from the Public-Key protocol with the objective of achieving Stateful privacy.
¹³ i.e. Si ∈R {0,1}, Si+1 ∈R {0,1}, and Si ≠ Si+1
Reader                                   Tag
rsk, IDR, ID−1R                          rpk, ST
NR ∈R {0,1}^α
              ---- NR ---->
                                         NT ∈R {0,1}^α, S+1T ∈R {0,1}^β
                                         IDT = PUF(ST)
                                         ID+1T = PUF(S+1T)
                                         mT = ENCrpk(NR‖IDT‖ID+1T‖NT)
              <---- mT -----
DECrsk(mT)
if IDT = IDR: ID−1R = IDR, IDR = ID+1T
              ---- NT ---->
                                         if NT = NT, ST = S+1T
Figure 4.5: Active+C1 Stateful Private Protocol
The scheme shown in Figure 4.5 is a stateful protocol using both public-key
and a Physical Unclonable Function PUF. A PUF is a hardware pseudorandom
function which is unique to each tag, thus it is not assumed to be public. After
each successful protocol execution, the state S is updated.
Theorem 4.7.1. The scheme in Figure 4.5 is Active+C1 Stateful Private if (ENCrpk, DECrsk) is LOR-CCA secure (see appendix A.3).
Proof:
This section shows that using an adversary that can win the Stateful Active+C1 game with non-negligible advantage, it is possible to construct an adversary that can break CCA2. In the proof two games are played by three parties: the challenger C, the CCA adversary ACCA, and AGame, an adversary that can break the Active+C1 game with non-negligible advantage. A CCA2 game is played between C and ACCA, and a Stateful Active+C1 game is played between ACCA and AGame. The CCA experiment can be found in appendix A.3.
The Physical Unclonable Function (PUF) functions identically to the PRF (see appendix A.1) used in the other proofs. However, unlike a PRF, AGame is not given access to the PUF.
To begin the proof, SetupReader(rpd) is executed, followed by the execution of SetupTag(T) p unique times, where p ≥ 2. The public key of the IND-CCA2 game is used as the public key of the protocol (rpk). The simulation of the oracles by ACCA for AGame is as follows:
• Initiate(T): ACCA generates values πR and πT. πR and πT are marked as Active. Both values are stored and returned to AGame.
• Execute(T): if T exists, ACCA generates values πR, πT and NR. Values NR ∈R {0,1}^α, NT ∈R {0,1}^α and S+1T ∈R {0,1}^β are generated. ST and ID+1T are passed to the PUF with outputs IDT and ID+1T respectively. The message mT = (NR‖IDT‖ID+1T‖NT) is encrypted using rpk. The corresponding ST and S+1T are also retrieved. If IDR = IDT, then ID−1R is replaced by IDR and IDR is replaced by ID+1R; if IDR = ID−1R then only IDR is replaced by ID+1R. The Result of πR and πT is marked as Y. (πR, πT, [NR, mT, NT]) are returned to ACCA.
• Initiate(T ), ACCA generates values πR and πT . Both values are stored
and returned to AGame.
• SendTag(πT, T, NR): if πT exists and it is Active, the corresponding ST is retrieved, otherwise φ is returned. Values NT ∈R {0,1}^α and S+1T ∈R {0,1}^β are generated. ST and ID+1T are passed to the PUF with outputs IDT and ID+1T respectively. The message (NR‖IDT‖ID+1T‖NT) is encrypted using rpk and returned as mT.
• SendTag(πT, T, NT): if πT exists and it is Active, ACCA retrieves the corresponding ST and S+1T, else φ is returned. If NT corresponds to the NT used in πT, the value of ST is replaced by the value of S+1T; Y is recorded in the Result and S+1T is then removed. Otherwise N is recorded as the Result.
• SendReader(πR, m): if πR exists, the corresponding ST and S+1T are retrieved. mT is forwarded to C for decryption, returning (NR‖IDR‖ID+1R‖NT). If IDR = IDT, then ID−1R is replaced by IDR and IDR is replaced by ID+1R before NT is returned. If IDR = ID−1R then only IDR is replaced by ID+1R before NT is returned. If IDR ≠ IDR or ID−1R, then φ is returned.
• CorruptTag(T): the values (K, S) and IDT corresponding to T are returned. If T does not exist, φ is returned.
• Sync: ACCA retrieves and computes IDT before evaluating whether IDT = IDR. If IDT = IDR, Y is returned, else N is returned.
ACCA and AGame play Phase 1 of the Stateful privacy game as specified. Eventually AGame selects challenge tags Ti and Tj. ACCA removes Ti and Tj from the system and they are reassigned as Ta and Tb¹⁴.
During Phase 2, for every instance of Execute(Ta) or SendTag(Ta), ACCA passes messages (m0, m1) to C where m0 = NR‖IDTa‖K and m1 = NR‖IDTb‖K, and returns the response from C to AGame as described above. Similarly, for every instance of Execute(Tb)
or SendTag(Tb), ACCA passes messages (m0, m1) to C where m0 = NR‖IDTb‖K and m1 = NR‖IDTa‖K.
Eventually AGame outputs c′, and ACCA outputs b′ = c′. Evidently, Pr[ACCA wins] = Pr[AGame wins]. Thus, given that AGame wins with non-negligible advantage, ACCA also wins with non-negligible advantage.
This concludes the proof.
Theorem 4.7.2. The scheme in Figure 4.5 is also Destructive+C1+C2 Stateful Private if $(ENC_{rpk}, DEC_{rsk})$ is CCA2 secure.
Proof:
The proof is very similar to the one shown above, with the additional simulation of the two oracles below:
• CorruptMemory($\pi_T$, T): $A_{CCA}$ checks if $\pi_T$ of T is Active. If $\pi_T$ is Active, $A_{CCA}$ returns $(ID_T, N_T, S_T^{+1}, ID_T^{+1}, m_T)$.
• CorruptReader: the contents of the database are given to $A_{Game}$. This includes rsk and $(ID_R, ID_R^{-1})$ for all T.
As $ID_R^{-1}$ is also stored in the database, BlindExecute would need to be called twice for the protocol to be private. The remainder of the proof remains identical to the one above.
4.8 Achieving Active+C1+C2 Privacy
Some important difficulties must be overcome in order to achieve the highest level of privacy defined by the model, Active+C1+C2, whether Stateful or Stateless. First and foremost is the ability of the protocol to recover from corruption of both the tag and the database. Having both pieces of information makes it possible for an adversary to impersonate any party. In the stateful scenario, it is possible to trivially win the experiment by updating one party with a non-matching state, thus causing all subsequent sessions to fail: effectively a denial-of-service attack. Similarly, for a stateless protocol it would be very difficult, if not impossible, to achieve this level of privacy. Since stateless protocols do not update their state, once all information is known to the adversary, tracing tags becomes trivial by simply impersonating the reader. Thus it is most likely that this level of privacy can only be achieved when some additional assumptions are met, such as distance bounding.
¹⁴ For simplicity it is assumed that $A_{CCA}$ always picks 0. Thus $b_{Game} = 0$.
4.9 Conclusion
Chapter 3 discussed concerns raised by Coisel et al. [19] about the ability of current RFID models to capture various privacy properties. Coisel et al. suggest that current models do not offer the notions of privacy needed to analyze the privacy differences between proposed protocols. The model proposed in this chapter not only aims to address the concerns raised, but also captures notions of privacy not offered by current models. By offering a new corruption model, the ability to corrupt the reader and a stateful notion of privacy, the model introduces both stronger and weaker notions of privacy compared to current models. Extending the analysis of Coisel et al., the model was able to distinguish the privacy properties of the five protocols, which was not possible in the eight models examined in chapter 3.
Chapter 5
Classification of RFID Protocols
5.1 Introduction
In its most basic form, an RFID protocol involves the exchange of a unique secret, commonly referred to as the ID of the tag, shared between the database, the tag and possibly also the reader. Although this might seem like a simple task at first, ensuring that this information is exchanged in a private manner is non-trivial. Researchers often find themselves in the difficult situation of either sacrificing security in exchange for efficiency, allowing the protocol to be used in a large network, or implementing stronger security in return for lower efficiency. This situation is clearly reflected in the current state of RFID protocols, as will be discussed in the remainder of this section.
With the large number of proposed RFID authentication protocols, attempts have been made to classify them. Classifications allow for more convenient grouping of current protocols, as well as for comparison of future protocols. The two most notable attempts at classification are by Yousuf and Potdar [62] in 2008, and more recently in 2010 by Alomair et al. [4]. The work of Yousuf and Potdar follows the approach proposed by Park et al. [23], a key-exchange protocol classification method, where protocols are categorized by identifying essential elements in the protocols and how they are used and/or combined within the protocol. Alomair et al., on the other hand, take a vastly different approach and attempt to correlate the efficiency of protocols with the existence of an internal updatable state. However, while both methods have their merits, they are no longer sufficient for the increasing number of proposed protocols. In addition, it can be seen from the model presented in chapter 4 that they no longer apply to some newer protocols. Thus this chapter proposes a new classification method with the aim of offering a more comprehensive classification.
5.2 Previous Classification Methods
This section discusses the two previous proposed methods of classifying RFID
protocols.
5.2.1 Yousuf and Potdar
The work proposed by Yousuf and Potdar [62] is heavily based on the work proposed by Park et al. [23] in 2000. The intent of the original work is to classify public-key protocols in order to clarify the similarities and differences between concrete protocols. This is achieved by first identifying the type of authentication, followed by the type of challenge values used and the use of acknowledgements. Authentication is classified as one of three types: Implicit Authentication (IA), Origin Authentication (OA) and Destination Authentication (DA). Similarly, challenges are categorized into forced challenge (F), self challenge (S) and no challenge (φ). Protocols that are DA and use forced authentication are further categorized into “No Acknowledgement” and “Yes Acknowledgement”.
Since this classification method is adapted from a work intended for public-key protocols, focused on abstracting entity authentication mechanisms from public-key protocols, this method is much better suited to those protocols. As the authors assume the presence of both a public key and a private key, the definitions given are based on the authentication properties achieved through the use of a public and private key pair. However, given that most RFID protocols are not public-key protocols, this type of classification is of limited use. Nevertheless, it is still possible to categorize RFID protocols as Implicit Authentication (IA), a category used to group all protocols that do not contain any messages encrypted with the public-key pair. Consequently, RFID protocols are in effect classified only by the type of authentication challenge used, either Self Challenge (S), Forced Challenge (F) or No Challenge (φ). This is determined by where the fresh data, for example a random nonce, used by a particular protocol is generated. In RFID protocols this is either the tag or the reader/database.
From the assumption that the foremost aim of protocols is for the reader to
authenticate tags, such that the reader/database is the verifier and the tag is
the principal, if fresh data is generated by the tag and sent to the reader (either
encrypted or as plaintext), then the protocol is said to be Self Challenge(S).
Likewise, if fresh data is generated by the reader/database and sent to the tag,
then a protocol is said to be Forced Challenge(F).
Park et al. [23] have recognized that by focusing on the essential security elements of protocols, it is inevitable that other important factors are overlooked. This is most evident in the case of RFID applications, where protocols must possess certain security properties but also have to meet certain efficiency requirements. This aspect is completely overlooked in this categorization method. An abstraction of both the efficiency and security of protocols would be more suitable for RFID protocols.
5.2.2 Alomair et al.
Later in 2010, Alomair et al. [4] discussed a method of classifying RFID proto-
cols based on the presence of an internal updatable state. Unlike the previous
approach, this type of classification was designed especially for RFID proto-
cols and aims to draw a relationship between the privacy of protocols and the
reader/database information retrieval complexity.
The authors categorized RFID protocols into two main categories, stateful and stateless, before further organizing stateless protocols as either linear-time or logarithmic-time based on the computational complexity of the database during retrieval. Protocols that utilize an internal updatable state are classified as stateful; others are classified as stateless.
After outlining the classification of RFID protocols, the authors associate both security and efficiency properties with each category. It is suggested that while stateful protocols offer the highest level of efficiency, because the reader/database is not required to perform a large number of computations, they offer the least protection, being only secure against passive adversaries. Conversely, stateless protocols, whilst much less efficient, offer protection against active adversaries by randomizing tag responses. Stateless protocols, unlike stateful protocols, are further classified into linear-time and logarithmic-time in order to differentiate their levels of security and efficiency. Whilst logarithmic-time protocols are more efficient than their linear-time counterparts by using a tree-based structure to organize tag data on the database, this also makes them susceptible to a special form of data leakage due to their unique data structure. Thus, linear-time protocols are claimed to be more secure than logarithmic-time protocols.
Although such a classification approach has the advantage of simplicity, it
is achieved at the cost of vital abstractions or assumptions. This classification
method draws heavily upon the stereotypes of earlier proposed protocols. For
example, it is assumed that stateful protocols do not generate randomness on
the tag, a common feature in earlier proposed stateful protocols. This is not
necessarily the case, for example in the protocol proposed by Alomair et al. [3].
Likewise, using the same example, the assumption that stateful protocols do not
offer protection against active adversaries can also be easily contradicted.
5.3 Motivation
Protocols are constantly proposed to improve on previous ones, most commonly on the basis of either efficiency or privacy. However, as it is rather difficult for new protocols to have advantages over previous protocols in all aspects, comparisons would be much more interesting if protocols were compared with other protocols that claim similar advantages. Yet due to the vast number of proposed protocols, choosing protocols to compare can be particularly time consuming. It would therefore be most beneficial to classify protocols based on the areas of most intense interest, to enable researchers to easily compare new work with the most similar proposals.
The two areas that are of most interest in RFID protocols are scalability and
privacy, or more specifically the computation efficiency of the database and the
traceability of the tag. It would be of interest to categorize protocols based on
these two factors. This would also be useful in highlighting any relationships
between these two seemingly unrelated factors. Lastly, a classification should
aim to be as comprehensive as possible allowing most if not all protocols to be
classified. Distinctive features of different protocols should also be organized
further into subclasses. However, as outlined in the previous section, neither of
the proposed classifications achieves all the above mentioned goals.
Figure 5.1: Stateless Protocol (message flow between Database, Reader and Tag):
Reader → Tag: $R_R$
Tag → Reader: $H(ID \| N_R \| N_T), N_T$
Reader → Database: $H(ID \| N_R \| N_T), N_T$
Database → Reader: ID
5.4 Previous Protocols
This section will discuss previous protocols using the classification of Alomair et
al.
5.4.1 Stateless Protocols
One of the first types of RFID protocol to be introduced was the stateless protocol, proposed by Weis [61] in 2003 in the form of two protocols known as Hash-Lock and Randomized Hash-Lock. The protocols introduce the idea of two ‘modes’ of tag operation, locked and unlocked, where a tag defaults to locked mode, replying only with identification information. Only after it has been authenticated by a reader (by being identified) does it enter its unlocked mode, where other operations can be used. The protocols were designed to protect the tag by allowing the tag to authenticate the reader, unlike most current protocols where the emphasis is put on the reader correctly identifying the tag. As stateless protocols do not make use of an updatable state, once a tag is compromised all secret information is revealed. However, aside from this drawback, stateless protocols generally have a higher degree of untraceability [5] when compared to their stateful counterparts, albeit at the expense of scalability, as we will discuss later.
The basic construction of a stateless protocol, as shown in figure 5.1, typically makes use of two nonces, $R_R$ and $R_T$, generated by the reader and tag respectively, along with a hash function, denoted H. During a protocol run, the reader first generates a nonce $R_R$, which is passed on to the communicating tag, which in turn generates another nonce $R_T$. The tag then replies with a response that includes the hash output, computed over both nonces and its secret ID, and the generated nonce $R_T$. This response is in turn forwarded by the reader to the database, which returns the ID of the tag, allowing the reader to identify the communicating tag. Note that in most protocols, identification is considered to be successful if the database returns an ID, and unsuccessful if the database fails to identify the tag. However, as the reader cannot verify the integrity of the returned data¹, it is a requirement in most if not all protocols that the communication channel between the database and reader is not susceptible to attack and that neither the database nor the reader can be targeted.
Linear Time Protocols
Linear-time protocols can perhaps be considered the most primitive and inefficient. These protocols rely on the use of a non-invertible cryptographic hash function. Consequently, the only way to identify a tag is for the database to perform an exhaustive search until a match has been found.
The identification complexity of these protocols, as outlined above, is given by O(N), where N is the number of tags in the system, hence their name. As a result, linear-time protocols are also the least scalable type of protocol, and very susceptible to denial-of-service attacks. Since the reader/database cannot distinguish a legitimate message from a random message before investing heavy computation, an adversary can trivially attack such a system by bombarding it with random messages, with the reader/database treating each message as a response.
The main disadvantage of linear-time protocols, however, is also their main advantage. For example, in the protocol shown in figure 5.1, if an adversary is put in place of the reader and database, assuming that the adversary has no knowledge of the information stored in the database, the adversary's only option for determining the ID of the tag is a brute-force attack on all possible values of the ID. The only difference between the adversary and a legitimate database/reader is knowledge of all tag IDs in the system, which limits the number of possible values to try.
There has been relatively little research focused only on these protocols due to their inefficiency. One of the first linear-time protocols proposed was the randomized hash-lock protocol by Weis [61], followed by relatively few improvements, most notably by Song et al. [57], Weis et al. [60] and Henrici et al. [27]. Improvements were also made in [29] and [16]; however, these have been adapted as stateful protocols. It should be noted that although the number of proposed protocols of this type is relatively small, this type of protocol is regarded as the basic framework of nearly all later protocols.
¹ Exceptions to this include some stateful protocols, especially those that do not require the existence of a database.
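As an added illustration of the stateless, linear-time protocol of figure 5.1 (example code written for this edit, not part of the thesis or of any cited protocol), the following Python sketch models the reader nonce, the tag's hashed response and the database's exhaustive search, counting hash evaluations as the cost measure the text uses. SHA-256 stands in for H; the tag IDs, the 8-byte nonces and the tag count are constructed values.

```python
import hashlib
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple


def H(*parts: bytes) -> bytes:
    """The protocol's hash function H over the concatenation of its inputs.
    SHA-256 stands in for H in this example."""
    return hashlib.sha256(b"".join(parts)).digest()


@dataclass
class StatelessTag:
    """A tag holding only its fixed secret ID; nothing on the tag ever changes."""
    tag_id: bytes

    def respond(self, r_reader: bytes, r_tag: Optional[bytes] = None) -> Tuple[bytes, bytes]:
        """Reply to the reader nonce R_R with (H(ID || R_R || R_T), R_T)."""
        if r_tag is None:
            r_tag = os.urandom(8)  # fresh tag nonce per session
        return H(self.tag_id, r_reader, r_tag), r_tag


@dataclass
class LinearDatabase:
    """Database that knows every tag ID and identifies by exhaustive search."""
    tag_ids: List[bytes]
    hash_ops: int = 0  # hash evaluations spent so far: the cost measure used in the text

    def identify(self, r_reader: bytes, response: bytes, r_tag: bytes) -> Optional[bytes]:
        """Recompute H(ID || R_R || R_T) for each stored ID until one matches."""
        for tag_id in self.tag_ids:
            self.hash_ops += 1
            if H(tag_id, r_reader, r_tag) == response:
                return tag_id
        return None  # no stored ID produced this response


def run_session(db: LinearDatabase, tag: StatelessTag,
                r_reader: Optional[bytes] = None, r_tag: Optional[bytes] = None) -> Optional[bytes]:
    """One protocol run: reader nonce -> tag response -> database search -> ID (or None)."""
    if r_reader is None:
        r_reader = os.urandom(8)
    response, r_tag = tag.respond(r_reader, r_tag)
    return db.identify(r_reader, response, r_tag)


def cost_of_unknown_message(db: LinearDatabase) -> int:
    """Hash evaluations the database spends on a response no known tag produced.
    Because H is one-way there is no cheap pre-check, so every stored ID is tried:
    the cost is N whether or not the message was genuine."""
    before = db.hash_ops
    db.identify(os.urandom(8), os.urandom(32), os.urandom(8))
    return db.hash_ops - before


if __name__ == "__main__":
    ids = [bytes([i]) * 16 for i in range(1, 9)]  # constructed sample: 8 tags
    db = LinearDatabase(ids)
    tag = StatelessTag(ids[5])
    print("identified:", run_session(db, tag) == ids[5], "hash ops:", db.hash_ops)
    print("cost of a junk message:", cost_of_unknown_message(db), "of N =", len(ids))
    # Same tag, same reader nonce, two sessions: the fresh R_T makes the responses differ,
    # so an observer without the ID cannot link them.
    print("responses unlinkable:", tag.respond(b"A" * 8)[0] != tag.respond(b"A" * 8)[0])
```

The `cost_of_unknown_message` helper makes the denial-of-service point above concrete: an unrecognised message costs the database exactly N hash evaluations, since nothing in the message can be checked before the search. The last line shows the untraceability side of the same design, as two responses from one tag share nothing an observer without the ID can compare.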
Logarithmic Time Protocols
In an attempt to improve the scalability of linear-time protocols, a tree-based structure was proposed in 2004 by Molnar et al. [44], introducing the concept of a hierarchical arrangement of tags and thereby significantly improving the efficiency of authentication. This approach has since been considered one of the most efficient methods of authentication. However, this approach is not without limitations and drawbacks. This section will discuss both the advantages and limitations of such an approach compared to traditional approaches that do not use any explicit tag-organizing structure.
The key difference between linear-time and logarithmic-time protocols is the method of authentication. While both methods rely on exhaustive searches by the database, the tree structure of logarithmic-time protocols significantly reduces the number of searches. As shown in figure 5.2, using a tree structure, the reader is only required to exhaustively search one branch per layer. Even though the reader is required to search a number of layers, the overall amount of computation required is still significantly less than that of linear-time protocols. The maximum number of computations, in this case hash operations, required of the reader/database in systems using a tree-based protocol is given by $b \log_b N$, as there are a total of $\log_b N$ layers, compared with N for other systems, where b is the branching factor of the tree and N is the total number of tags in the system. When using the M-ary tree-based approach, tags can be authenticated within $b \log_b N$ computations, as the depth of the tree is given by $\log_b N$, compared to N computations otherwise. This is a dramatic improvement in total computational efficiency for the reader and/or database, especially in large networks where a large number of tags are present.
Whilst there are significant advantages when using a tree-based structure, it
is not without drawbacks. Several potential drawbacks of a tree-based system
include the number of messages required per authentication session, the mem-
ory required to be used on a tag, and possibly the dynamic scalability of such
networks, all of which can potentially limit the feasibility of such networks.
An increase in messages would imply that each session takes longer to complete. As most implemented RFID systems require authentication to be completed within a small timeframe, there exists the possibility that the time required to transfer the required messages would exceed that timeframe. Whereas tree-based protocols require $\log_b N$ messages from each party per authentication session, non-tree-based protocols typically require no more than two, even when including the initial query from the reader. For tree-based protocols the number of messages required depends on the number of tags in the database, or rather the maximum number of tags that the database can hold, whereas in the case of non-tree-based schemes the number of messages remains constant, independent of how many tags may exist in the database.
Figure 5.2: M-ary Tree Walking
A major security threat of tree-based protocols was discovered by Avoine et al. [8]. Due to the structure of the tag ID, where the tag stores the ID of each layer, the top-layer IDs are shared among a number of tags. Therefore, if a single tag is compromised, all branch IDs of the tag are also compromised, thus allowing the adversary to trivially distinguish tags that belong to a different branch from that of the compromised tag. This vulnerability was studied in more depth, with proposed solutions, most notably using physically unclonable functions [12] and protecting the backward channel [18], in a number of papers [12, 14, 18, 30, 41, 43, 47].
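The following Python sketch, added here as an example and not taken from the thesis or from Molnar et al.'s paper, makes the two points of this subsection measurable: the database's hash count stays within $b \log_b N$ because only one branch is searched per layer, and the per-layer keys that make this possible are shared between every tag of a branch. It assumes a simplified per-layer response $H(k_i \| R_R \| R_T)$, a constructed key derivation `node_key` in place of randomly drawn node secrets, and SHA-256 in place of H.

```python
import hashlib
import math
from typing import List, Optional, Tuple


def H(*parts: bytes) -> bytes:
    """Hash H of the protocol; SHA-256 stands in for it here."""
    return hashlib.sha256(b"".join(parts)).digest()


def node_key(path: Tuple[int, ...]) -> bytes:
    """Secret of the tree node reached by `path` (child indices from the root).
    Constructed derivation for this example; a deployment draws node keys at random."""
    return H(b"node-key", bytes(path))


class TreeTag:
    """Tag sitting at leaf `path` of a b-ary tree of depth d: it stores the key of
    every node on its root-to-leaf path, one key per layer."""

    def __init__(self, path: Tuple[int, ...]):
        self.path = path
        self.keys = [node_key(path[: i + 1]) for i in range(len(path))]

    def respond(self, r_reader: bytes, r_tag: bytes) -> List[bytes]:
        """One value per layer: H(k_i || R_R || R_T) for that layer's key k_i."""
        return [H(k, r_reader, r_tag) for k in self.keys]


class TreeDatabase:
    def __init__(self, branching: int, depth: int):
        self.b, self.depth, self.hash_ops = branching, depth, 0

    def identify(self, r_reader: bytes, r_tag: bytes,
                 responses: List[bytes]) -> Optional[Tuple[int, ...]]:
        """Tree walking: at each layer only the b children of the node already
        identified are tried, so at most b * depth hashes are computed."""
        path: List[int] = []
        for resp in responses:
            match = None
            for child in range(self.b):
                self.hash_ops += 1
                if H(node_key(tuple(path + [child])), r_reader, r_tag) == resp:
                    match = child
                    break
            if match is None:
                return None  # no child of the current node produced this value
            path.append(match)
        return tuple(path)


def worst_case_ops(branching: int, n_tags: int) -> int:
    """b * log_b N: the bound from the text for a full b-ary tree with N leaves."""
    return branching * round(math.log(n_tags, branching))


def shared_layers(tag_a: TreeTag, tag_b: TreeTag) -> int:
    """Number of top layers whose key both tags hold. A party that learns tag_a's
    keys can verify tag_b's responses for exactly these layers, which is the
    branch leakage described in the text; 0 means different top-level branches."""
    n = 0
    for ka, kb in zip(tag_a.keys, tag_b.keys):
        if ka != kb:
            break
        n += 1
    return n


if __name__ == "__main__":
    b, d = 4, 3  # constructed: a 4-ary tree of depth 3 holds N = 64 tags
    db = TreeDatabase(b, d)
    tag = TreeTag((2, 3, 1))
    print(db.identify(b"R" * 8, b"T" * 8, tag.respond(b"R" * 8, b"T" * 8)))
    print("hash ops:", db.hash_ops, "bound:", worst_case_ops(b, b ** d), "linear:", b ** d)
    print("layers shared with (2,0,0):", shared_layers(tag, TreeTag((2, 0, 0))))
```

For the constructed 64-tag tree the walk costs 9 hash evaluations against a bound of 12 and a linear search of 64. `shared_layers` quantifies what the text calls the compromise of "all branch IDs": every tag under the same top-level node carries the same first-layer key, so a defender sizing a tree-based deployment should treat that key as shared by the whole branch rather than as per-tag secret.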
Group Protocols
A novel group-based protocol was proposed by Avoine et al. [6] to address the privacy and efficiency concerns of tree-based protocols. In this protocol, tags are arranged into groups, comparable to a two-layer tree, where each group shares a secret key $K_G$, with each tag containing its own identifier ID and a unique secret key $K_{ID}$ shared with the database. Authentication in this protocol is completed as a sequence of two messages: a nonce $R_R$ from the reader, and the message $Enc[R_R \| R_T \| ID]_{K_G}, Enc[R_R \| R_T]_{K_{ID}}$ from the tag, where $R_T$ is a nonce generated by the tag. The database is then required to attempt to decrypt the first part of the message, $Enc[R_R \| R_T \| ID]_{K_G}$, with all stored $K_G$ until a match is found. After this it retrieves $K_{ID}$ from the ID received in the message and verifies the second part of the message, $Enc[R_R \| R_T]_{K_{ID}}$, thus verifying the identity of the tag.
Group protocols are noted by Avoine et al. to be more efficient and private when compared to tree-based protocols. As the number of operations on the database depends on the number of groups, the efficiency of the protocol can be tuned. The effects of compromise, on the other hand, are now smaller, as there can be a large number of groups. Compromising one tag now only compromises its group, whereas for tree-based protocols all sub-branches and leaves are compromised. However, the level of compromise is also different: compromising a tag in the traditional tree-based structure only gives the adversary the ability to distinguish tags between branches, whereas compromising a tag in a group would allow an adversary not only to distinguish tags that belong to a different group but also to uniquely identify all tags within the same group.
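The two-step search of the group protocol, as an added Python example that is not part of the thesis or of Avoine et al.'s paper: the database trial-decrypts the first ciphertext with each group key, uses its own nonce $R_R$ to recognise the correct group, and then spends one further decryption with $K_{ID}$ to verify the tag. The cipher is a constructed SHA-256 counter-mode toy standing in for the protocol's Enc, and the nonces are assumed to be 8 bytes each.

```python
import hashlib
import os
from typing import Dict, Optional, Tuple

IV_LEN = 8


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Toy counter-mode cipher built from SHA-256, constructed for this example
    (a deployment would use a real block or stream cipher). XOR with the keystream
    both encrypts and decrypts, so the same function serves for Enc and Dec."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(data, stream))


def enc(key: bytes, plaintext: bytes, iv: Optional[bytes] = None) -> bytes:
    iv = iv if iv is not None else os.urandom(IV_LEN)
    return iv + keystream_xor(key, iv, plaintext)


def dec(key: bytes, ciphertext: bytes) -> bytes:
    return keystream_xor(key, ciphertext[:IV_LEN], ciphertext[IV_LEN:])


class GroupTag:
    """Tag holding its ID, its group's shared key K_G and its own key K_ID."""

    def __init__(self, tag_id: bytes, k_group: bytes, k_id: bytes):
        self.tag_id, self.k_group, self.k_id = tag_id, k_group, k_id

    def respond(self, r_reader: bytes, r_tag: bytes,
                iv1: Optional[bytes] = None, iv2: Optional[bytes] = None) -> Tuple[bytes, bytes]:
        """Second message of the protocol: Enc[R_R || R_T || ID]_{K_G}, Enc[R_R || R_T]_{K_ID}."""
        return (enc(self.k_group, r_reader + r_tag + self.tag_id, iv1),
                enc(self.k_id, r_reader + r_tag, iv2))


class GroupDatabase:
    def __init__(self):
        self.group_keys: Dict[str, bytes] = {}
        self.tags: Dict[bytes, Tuple[str, bytes]] = {}  # ID -> (group, K_ID)
        self.decryptions = 0  # cost measure: one per trial decryption

    def enrol(self, group: str, k_group: bytes, tag_id: bytes, k_id: bytes) -> None:
        self.group_keys[group] = k_group
        self.tags[tag_id] = (group, k_id)

    def identify(self, r_reader: bytes, part1: bytes, part2: bytes) -> Optional[bytes]:
        # Step 1: trial-decrypt the first part with every group key. The reader's own
        # nonce R_R (8 bytes), which a correct decryption must reproduce, picks the group.
        for group, k_group in self.group_keys.items():
            self.decryptions += 1
            plain = dec(k_group, part1)
            if plain[:8] != r_reader:
                continue
            r_tag, tag_id = plain[8:16], plain[16:]
            if self.tags.get(tag_id, (None,))[0] != group:
                return None  # ID unknown, or not a member of the group whose key decrypted it
            # Step 2: a single decryption with K_ID proves the message came from that tag.
            self.decryptions += 1
            return tag_id if dec(self.tags[tag_id][1], part2) == r_reader + r_tag else None
        return None

    def worst_case_decryptions(self) -> int:
        """Every group key tried, then one per-tag decryption: |groups| + 1."""
        return len(self.group_keys) + 1
```

The cost visible in `decryptions` depends only on the number of groups, which is the tuning knob the paragraph above describes; the second step is what stops a holder of $K_G$ alone from being accepted as a member, since it still cannot produce $Enc[R_R \| R_T]_{K_{ID}}$.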
5.4.2 Stateful Protocols
The most common type of RFID protocol is the stateful protocol, introduced partly to address efficiency concerns but also to allow for untraceability even after a tag's secret has been compromised. Stateful protocols are identified by their use of an internal state, typically assumed to be an ID or a pseudonym, that serves a purpose similar to the ID in stateless protocols. However, unlike stateless protocols, which commonly rely on the use of a cryptographic hash function, stateful protocols make use of a much larger variety of operations, ranging from binary XOR to asymmetric encryption. Stateful protocols are more prone to implementation and storage limitations, as opposed to the computational and communication limitations of stateless protocols. Most stateful protocols make use of mutual authentication. It is argued [4] that it is necessary for the tag to authenticate the reader before it updates its state, to ensure the legitimacy of the update information.
Figure 5.3: Stateful Protocol (message flow between Database, Reader and Tag):
Reader → Tag: Query
Tag → Reader: Enc(y)
Reader → Database: Enc(y)
Database → Reader: y′
An abstracted stateful protocol is shown in figure 5.3. In such protocols, a tag responds to a reader's query, either a general broadcast or a nonce, with its encrypted state, which is in turn decrypted by the database, or by the reader in some serverless protocols [2]. The database, or reader, updates the state for that tag after verifying the decrypted data, then passes the update information back to the tag, allowing the tag to also update its state. Due to the final update message, most stateful protocols are three-round protocols.
It may be apparent that stateful protocols are particularly susceptible to state desynchronization attacks. By simply blocking the last message to the tag, the database/reader will already have updated its information but the tag will be left with an outdated state. Future authentication attempts will fail as a result. The most common method of addressing this problem, such as that used in the popular SASI [17] protocol, is for the database to store two states concurrently, the current state and the previous state; in the case of authentication failure the previous states are compared as well. However, aside from the storage increase, this also introduces two main drawbacks: firstly, the extra time required to compare previous states is comparable to that of linear-time protocols, and secondly, as a result, the possibility of denial-of-service attacks remains. As a side note, desynchronization recovery mechanisms also introduce the possibility of replay attacks. For example, if an adversary captures messages from a previous successful session, both the database and tag have been updated,
Another security vulnerability of concern is traceability. Unlike stateless protocols, where tags randomize their response internally to provide untraceability, stateful protocols seldom employ such methods, for efficiency reasons, but instead rely on state updates to provide this functionality. Consequently, tags employing stateful protocols are typically traceable between successful authentication sessions, as their response remains constant until their states are updated. For example, if a stateful tag is carried through multiple RFID networks to which the tag does not belong, the tag would respond to all queries using the same response, thus allowing not only active but also passive adversaries to trace this tag. Notable attempts have been made to decrease this risk by introducing variable responses using mechanisms such as counters [3].
5.5 Extended Classification of RFID Protocols
A summary of Alomair et al.'s classification is illustrated in figure 5.4. It can be seen that the results suggested by the classification are not reflected in the model presented in section . An extension of table 4.6 is shown below in table 5.1. As can be observed, one of the most noticeable drawbacks of the previous classification is the stateful protocol assumption, where stateful protocols are always assumed to be less secure than their stateless counterparts.
Protocol | Results
SK-Protocol | Weak Active+C1 Stateless
OSK Protocol | Weak Active+C1 Stateful (Weak Passive+C1 Stateful)
O-FRAP | Destructive+C1+C2 Stateful(2) Private
Tree-Based | Active Stateless
PK-Based | Active+C1 Stateless
Generic Stateful Protocol | Passive+C1+C2 Stateful
Stateful Public-Key Protocol | Active+C1+C2 Stateless
Table 5.1: Extension of Privacy Results of Proposed Model
Figure 5.4: Previous Classification of RFID Protocols
Thus this section presents an extended classification of RFID protocols based on the classification of Alomair et al. [4]. As discussed in the previous sections, the main drawback of Alomair et al.'s classification method is its inability to categorize newer protocols based on security and efficiency. However, this drawback can be addressed by extending the classification with finer properties and further clarification of privacy assumptions. The extended classification does not replace or remove any classes from the existing classification, but rather builds on the current framework, redefining their respective privacy and efficiency categories.
5.5.1 Implications of Stateful and Stateless Protocols
One of the most questionable choices made in the classification of Alomair et al.
was to build the classes based on stateful and stateless protocols. They should
not be treated as the main classes of protocols, since the use of updateable states
does not have any implications on efficiency properties, and cannot completely
determine privacy properties. Both classes of protocols have their unique ad-
vantages and disadvantages. Thus in this classification, stateful and stateless
protocols are considered to be protocol types rather than protocol classes.
The most critical privacy drawback of stateful protocols is de-synchronization. De-synchronization occurs when the secrets held by the reader and the tag no longer match. This can happen when a protocol execution is terminated unexpectedly, or when an adversary impersonates a party, thus executing a malicious session with one of the parties. Malicious sessions can be particularly problematic if the secrets of one or both parties are known to the adversary.
In the previous work, stateful protocols were described as the more efficient protocols. However, efficiency should depend on the construction and primitives used in the protocol rather than on the existence of a secret update mechanism. Thus this section will outline the possible privacy implications of different update mechanisms. It needs to be emphasized that the two sub-classes of stateful protocols presented below are considered to belong to the same privacy class. Thus neither class is considered to be more private than the other; they merely exhibit different reactions under different situations. Therefore, the choice of protocol class is highly dependent on the intended application and requirements.
Self-Update Stateful Protocols
Self-updating stateful protocols are protocols where a tag updates its own state independently, typically regardless of whether the authentication session succeeds. One of the most popular examples of a self-updating stateful protocol is the OSK protocol shown in table 3.2. Evidently, self-updating protocols are the most susceptible to de-synchronization, simply by initiating incomplete sessions with the tag. After a certain number of incomplete sessions, the reader will no longer be able to re-synchronize with the tag, and any subsequent authentication attempts fail. It should be noted that this de-synchronization can be achieved without the adversary corrupting a tag or the reader.
These types of protocols are most useful in applications where the privacy
of the tag is more essential than the functioning of the system. Since the secret
updates can be completed without the help of the database, they are typically
irreversible. With the secrets being single-use, it is difficult for the adversary
to gain any useful information on previous secrets. Typically, it would also be
difficult for an adversary to trace a tag based on its response alone.
However, its main advantage might also be its fatal flaw. Since updates
are self generated and commonly based on previous secrets, privacy could also
easily be lost after a secret is revealed. By corrupting the secret of a tag, it
would be possible for an adversary to compute the new update from the protocol
specification thus trivially tracing the tag thereafter.
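The self-update behaviour and its re-synchronization limit, as an added Python example that is not part of the thesis or of the OSK protocol's specification: the tag answers with G(s) and immediately advances to H(s), and the database re-synchronizes by walking a bounded number of steps along each tag's hash chain. The two hash functions, the initial secrets and the lookahead window are constructed for this example; `still_identified_after` shows that exactly `lookahead` sessions the database never sees are enough to put the tag beyond its window, with no corruption involved.

```python
import hashlib
from typing import Dict, Optional


def G(s: bytes) -> bytes:
    """Response function: the value the tag transmits for state s."""
    return hashlib.sha256(b"G" + s).digest()


def Hn(s: bytes) -> bytes:
    """Update function: the tag's next state, computed by the tag alone."""
    return hashlib.sha256(b"H" + s).digest()


class SelfUpdatingTag:
    """OSK-style tag: answers with G(s) and moves to H(s) at once, whether or
    not the reader ever completes or even receives the session."""

    def __init__(self, s0: bytes):
        self.state = s0

    def respond(self) -> bytes:
        out = G(self.state)
        self.state = Hn(self.state)
        return out


class LookaheadDatabase:
    """Keeps the last synchronised state of each tag and, on every query, walks at
    most `lookahead` steps ahead along that tag's hash chain looking for a match."""

    def __init__(self, lookahead: int):
        self.lookahead = lookahead
        self.states: Dict[str, bytes] = {}
        self.hash_ops = 0

    def enrol(self, name: str, s0: bytes) -> None:
        self.states[name] = s0

    def identify(self, response: bytes) -> Optional[str]:
        for name, s in self.states.items():
            for _ in range(self.lookahead):
                self.hash_ops += 1
                if G(s) == response:
                    self.states[name] = Hn(s)  # re-synchronise: the tag has already moved on
                    return name
                s = Hn(s)
        return None


def still_identified_after(lookahead: int, lost_sessions: int) -> bool:
    """Does the database still recognise a tag after `lost_sessions` queries it
    never saw (sessions started by another party and never completed)?"""
    db = LookaheadDatabase(lookahead)
    tag = SelfUpdatingTag(b"\x01" * 32)  # constructed initial secret
    db.enrol("tag-1", tag.state)
    for _ in range(lost_sessions):
        tag.respond()  # the tag updates even though the database was not involved
    return db.identify(tag.respond()) == "tag-1"


def normal_operation(sessions: int):
    """Complete sessions keep the two sides in step: each query is matched on the
    first chain step, and every response differs from the previous ones."""
    db = LookaheadDatabase(lookahead=5)
    tag = SelfUpdatingTag(b"\x02" * 32)  # constructed initial secret
    db.enrol("tag-1", tag.state)
    responses = [tag.respond() for _ in range(sessions)]
    names = [db.identify(r) for r in responses]
    return names, db.hash_ops, len(set(responses))
```

The window is the design trade-off this subsection describes: a larger `lookahead` tolerates more unseen sessions but multiplies the database's worst-case hash count per query, while the responses themselves stay distinct across sessions, which is the untraceability property self-updating protocols are chosen for.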
Hybrid-Update Stateful Protocols
The most distinctive difference between self-updating and hybrid-updating protocols is the requirement for the reader to successfully authenticate the tag before the update is applied. In some cases, it is also possible for the reader and the tag to both contribute to the new secret to be updated. An example of this type of protocol is shown in table 4.5. As shown in the table, the tag in the protocol does not update its state until it receives $N_T$, at which point the reader will have successfully identified the tag. Compared to self-updating protocols, it is evident that this type of protocol is less susceptible to de-synchronization unless the secrets of at least one party have been corrupted.
Although hybrid-update protocols are commonly less susceptible to de-synchronization attacks, these types of protocols can be more prone to tracing. Since the update of the state depends on a successful protocol session between the two parties, traceability properties are similar to those of stateless protocols in between state updates.
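A hybrid-update protocol in the three-round shape of figure 5.3, together with the current/previous-state recovery mechanism described in section 5.4.2, as an added Python example that is not part of the thesis or of any cited protocol. The tag derives its next state during the session but adopts it only after the database's final message; the database keeps both states per tag so a session whose last message was blocked leaves the tag recognisable under its previous state. The pseudonym, proof and acknowledgement derivations are constructed for this example, with SHA-256 in place of the protocol's primitives and 8-byte nonces assumed.

```python
import hashlib
import os
from typing import Dict, Optional, Tuple


def H(*parts: bytes) -> bytes:
    """Hash used for every derivation below; SHA-256 stands in for the protocol's primitive."""
    return hashlib.sha256(b"".join(parts)).digest()


class HybridTag:
    """Tag with state y. It computes the next state during the session but adopts it
    only after the final message proves the reader verified it."""

    def __init__(self, y: bytes):
        self.y = y
        self.pending: Optional[bytes] = None

    def respond(self, nonce: bytes) -> Tuple[bytes, bytes]:
        """Round 2: a pseudonym H(y) the database can look up, and a proof bound to the
        reader's nonce so a recorded message cannot be replayed under a new nonce."""
        self.pending = H(b"next", self.y, nonce)  # candidate next state, not yet adopted
        return H(b"pseudo", self.y), H(b"proof", self.y, nonce)

    def finish(self, ack: bytes) -> bool:
        """Round 3: adopt the new state only if the ack was derived from it, which
        requires knowing y and the nonce, i.e. having verified this tag."""
        if self.pending is not None and ack == H(b"ack", self.pending):
            self.y, self.pending = self.pending, None
            return True
        return False


class HybridDatabase:
    """Stores the current and the previous state of each tag so that a tag whose final
    message was lost (database updated, tag not) is still recognised next time."""

    def __init__(self):
        self.current: Dict[str, bytes] = {}
        self.previous: Dict[str, Optional[bytes]] = {}

    def enrol(self, name: str, y: bytes) -> None:
        self.current[name], self.previous[name] = y, None

    def identify(self, nonce: bytes, pseudonym: bytes,
                 proof: bytes) -> Tuple[Optional[str], Optional[bytes]]:
        """Returns (tag name, ack for the tag) or (None, None)."""
        for name in self.current:
            for y in (self.current[name], self.previous[name]):  # current first, then previous
                if y is None or H(b"pseudo", y) != pseudonym:
                    continue
                if H(b"proof", y, nonce) != proof:
                    return None, None  # known pseudonym but stale or forged proof: reject
                y_next = H(b"next", y, nonce)
                self.previous[name], self.current[name] = y, y_next
                return name, H(b"ack", y_next)
        return None, None


def session(db: HybridDatabase, tag: HybridTag, deliver_ack: bool,
            nonce: Optional[bytes] = None) -> Tuple[Optional[str], bool]:
    """One three-round session; deliver_ack=False models the last message being blocked."""
    nonce = nonce if nonce is not None else os.urandom(8)
    pseudonym, proof = tag.respond(nonce)
    name, ack = db.identify(nonce, pseudonym, proof)
    updated = tag.finish(ack) if (deliver_ack and ack is not None) else False
    return name, updated


def in_sync(db: HybridDatabase, name: str, tag: HybridTag) -> bool:
    return db.current[name] == tag.y
```

Binding the proof to the reader's nonce is what keeps the previous-state fallback from becoming the replay opening the side note above warns about: a recorded (pseudonym, proof) pair still matches the stored previous state, but fails the proof check under any fresh nonce. Between two successful sessions the pseudonym H(y) is constant, which is the tracing window the paragraph above attributes to hybrid-update protocols.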
5.5.2 Additional Classes of Protocols
In the proposed classification, the previously proposed classes, linear-time and logarithmic-time, are retained. This section introduces additional classes of protocols to complement the existing classification.
Indexed Protocols
Perhaps one of the most efficient types of RFID protocol, indexed protocols use a constant, indexable response so that the database only needs to perform a direct lookup. An example protocol is shown in figure 4.4. One of the first protocols of this kind to be proposed was the hash-lock protocol of Weis [61], which was a stateless protocol. Traceability protection can be provided by updates of the internal state; otherwise the response of the tag remains constant. Along with low tag computation requirements, this type of protocol is commonly one of the most memory efficient, as the tags are only required to store their internal state. Proposed protocols of this type include [40], [21], [3] and [61].
Public Key Protocols
Traditionally, public-key encryption was considered to be overly intensive for use
with RFID protocols. However, recent advancements have gradually allowed such
primitives to be used. One of the most popular public-key protocols proposed is
the protocol of Vaudenay [59], which has also been analyzed in various RFID models
[15,56,59]. The distinguishing property of public-key protocols is their ability to
encrypt and decrypt using different keys. When implemented appropriately this
property can be used to address traceability and corruption concerns.
5.6 Summary and Results of Extended Classification
This section presents a summary and results of the extended classification. Due
to the vast variety of proposed protocols, it is not possible to present a discrete
privacy property comparison of different protocol types. Nevertheless, the com-
parison given in this section would be a useful comparative measure of privacy
and efficiency between different protocol classes and types.
Some implications are drawn from the proposed classification. These include
changes to previous assumptions of classifications as well as some novel
implications:
• The class of protocol determines the privacy baseline.
• The type of protocol, i.e. stateful or stateless, does not have any implications
on the efficiency of protocols.
• Stateful protocols are not any more or less private compared to stateless
protocols, but only stateful protocols are susceptible to de-synchronization.
The following list of protocol types is based on the order of privacy properties,
from weakest to strongest protocols. Interestingly, this order also reflects on the
efficiency of the protocols, from the most efficient to the least efficient protocols.
• Index Protocols
• Group Protocols
• Tree-based Protocols
• Linear Protocols
• Public-key Protocols
Along with the different classes, protocols also belong to one of the three types
listed below. Note that the list below is not arranged in any particular order,
because no protocol type is considered to offer stronger privacy than another;
rather, each has its merits in different applications.
• Stateless
• Stateful Self-Update
• Stateful Hybrid-Update
A comparison of the privacy properties between stateful and stateless
protocols is shown in table 5.2. Since stateless protocols do not make use of an
updatable state, they are also immune to de-synchronization attacks.
However, stateless protocols are also the most vulnerable to corruption of secrets,
since the system is incapable of updating its secrets. In contrast, stateful
protocols are susceptible to de-synchronization attacks but may exhibit stronger
resistance to corruption of states. Thus, depending on the priorities of the
system, each type of protocol may be more suitable for its respective situation.
The unique advantage of hybrid-update protocols is that they can behave
similarly to stateless protocols in between successful authentication sessions but at
the same time offer the ability to overcome corruption through tag updates.
Protocol Type            De-synchronization   Corruption   Traceability
Stateless                ✓                    ✗            ?
Stateful Self-Update     ✗                    ✗            ✓
Stateful Hybrid-Update   ✗                    ✓            ?
Table 5.2: Summary of Protocol Type (✓ resistant, ✗ susceptible, ? varies between protocols)
There are two main uses of the classification, both of which are most useful
to newly proposed protocols.
• Privacy and Efficiency Estimation of Protocols First and foremost,
when a new protocol is proposed, it would be possible to determine roughly
the privacy and efficiency property of the protocol before any further anal-
ysis takes place.
• Comparison with Similar Protocols Secondly, after an analysis has
taken place it is possible to determine any significant advantages or limi-
tations compared to existing protocols. The classification of new protocols
would ideally offer increased efficiency or privacy beyond other protocols
of their class or types. In other words, protocols should aim to establish a
class, or subclass, of their own. An example of this is given in chapter 7:
a tree-based protocol is proposed which approaches the privacy of linear
protocols but is at the same time more efficient thus establishing its own
subclass of tree-based protocols.
5.7 Conclusion
This chapter presented an RFID protocol classification method based on a method
introduced by Alomair et al. Two main changes were proposed in the extended
classification: first, the clarification that being stateless or stateful does not
necessarily determine the efficiency of a protocol; secondly, the introduction of
protocol classes. Overall, the extended classification presents an update to the
previous classification methods, providing a closer estimation of protocol
properties and suggesting possible shortcomings which future protocols can aim to
improve.
Figure 5.5: Extended Classification of RFID Protocols
Chapter 6
Pre-Computation
6.1 Introduction
In this chapter we will explore the feasibility of the current types of protocols
in terms of their communications efficiency as well as investigate the use of
pre-computation as a means to allow protocols to overcome this time barrier.
We show that pre-computation is not only a viable method for improving the
efficiency of RFID protocols, but also a practical means for achieving higher levels
of security in time-constrained applications. Using this method, we are able to
greatly reduce the time required during authentication while retaining very
reasonable computational and memory requirements. It can
also be observed that the technique can be applied to a range of protocols without
significant alterations. However, we also note that the use of pre-computation is
most suited for small to medium RFID networks. A concrete protocol is later
presented in chapter 7.6.2 which makes use of the technique explored in this
chapter.
6.2 Motivation and Previous Work
There is a vast number of proposed stateful protocols, particularly relative to
the number of stateless protocols, and their efficiency varies greatly. In this
chapter we will be discussing one of the most efficient types of stateful protocols
known as indexed stateful protocols; examples include EMAP [53], LMAP [52],
LRMAP [25], and a protocol of Dimitriou [21]. These protocols are both scalable
and efficient. They utilize an invertible function to encrypt the tag’s identifier
and their security is dependent on the function chosen. Such an approach does
not require exhaustive search of all existing identifiers at the reader/database,
thus they are typically very efficient when compared to stateless protocols and
consequently scalable. However, because they do not require responses from
tags to be randomized they can therefore be traced by both passive and active
adversaries. Identifiers are updated only after each successful authentication, in
order to provide partial protection from the tag being traced, but consequently
they are susceptible to de-synchronization. De-synchronization occurs when the
identifier, or state, stored on a tag does not match the identifier stored on the
reader/database, causing authentication to fail.
As reflected by the protocols, scalability, traceability and efficiency have been
the main focus of most research. Little attention has been given to the issues
such as the amount of messages required to be exchanged and the time required
for each authentication. As there are many time-constrained RFID applications,
as mentioned earlier, this can greatly affect the feasibility of protocols. On a
side note, it should be recognized that the problem of communication efficiency
is much more prominent in stateless protocols than indexed stateful protocols.
Although there are a number of previous works, such as those by Li et al. [40]
and Poulopoulos et al. [54], which focus on offering efficient authentication, they
typically do not offer protection against tracing. In this chapter, we show that
the use of pre-computation can not only greatly improve the communication
efficiency of RFID protocols, but also allows tags to be untraceable to a certain
extent. More recent work by Alomair et al. [3] proposed a protocol that allowed
constant-time identification using pre-computation. However, as their proposed
protocol makes use of an internal counter whose value is only known by the tag,
it requires very large amounts of data to be pre-computed before a system can be
initialized. We believe our approach is more flexible as it does not require a very
large pre-computed database and allows authentication on an on-demand basis,
ultimately requiring less overall computation.
In summary, the novel contributions of this chapter are:
• a method of employing pre-computation in the design of time-efficient
RFID protocols;
• analysis of the security properties available using our methods, which shows
that untraceability can be achieved;
• design of a specific protocol utilizing the method and a comparative analysis
of its efficiency and security.
6.3 Phases and Time of Authentication Protocols
Typically an RFID protocol involves the exchange of three messages between the
reader and tag. Most common stateless protocols have three message exchanges.
Although there are protocols with fewer than three messages, as well as protocols
that require more than three (most notably tree-based protocols), these can be
easily adapted into our notation simply by treating the last message as the third
message and all messages between the first and third combined to be the second
message. As shown in Figure 6.1, in the first message, a is a broadcast query
sent from the reader to initiate a session with the tag. The tag then responds
with message b, typically with information required for authentication. The
reader finally replies with the third message c both as an acknowledgement to
the authentication request as well as other data, such as the new tag secret,
required to finish the session.
Figure 6.1: Communication of Typical Authentication Protocols
An authentication session is completed in three phases, Session Initiation,
Session Process and Session Finalization.
1. Session initiation is the phase in which the reader generates any data re-
quired for its initiation query, a. This phase commonly involves generating
and broadcasting a random nonce. The first phase ends when a tag receives
the query, thus entering the next phase.
2. The second phase is known as the Session Process phase, during which the
tag generates and replies with b to the point where the reader receives b
and has completed all operations for c to be transmitted. From the tag’s
point of view, this phase typically involves encrypting its secret identifier
using the received (as well as possibly its own generated) nonce before
sending it as b. On receiving b, the reader does what is required to decrypt
or verify b, commonly by searching database entries or performing various
cryptographic operations. The second phase ends when the reader finishes
verifying the identity of the tag and, if required, performs any computation
necessary for the final message c.
3. The remaining phase, Session Finalization, consists of the final message c
from the reader as well as any remaining computation for both the reader
and tag.
In generalizing protocol sessions into the above phases we can now discuss
time accordingly. As shown in Figure 6.1, we consider three different notions of
time, Communication Time, Processing Time, and Total time.
• Communication Time, as the name suggests, is the time required for the
communication of protocol messages and all processing in-between, i.e.
from the start of the reader transmitting message a to the time the tag
receives message c.
• Processing Time denotes the time from which the tag replies with b to
the point before where the reader sends c. This is effectively the time
during which the database and reader are to perform the (typically) most
demanding operations, the Session Process phase.
• Total time is the total amount of time spent on the protocol session, i.e.
the total time of the three phases combined.
Practically, at a minimum, it is necessary for the tag to be in the range of the
reader for the duration of the Communication Time. Otherwise the session would
not complete, leading to a failed session. Therefore in this chapter our main aim
is to minimize Communication Time by offloading time-consuming computations
from the Session Process phase to earlier during an additional Pre-Computation
phase.
6.4 Phases and Time of Pre-Computed Protocols
The aim of pre-computation is to offload most of the computation required for the
Session Process during a protocol session in order to decrease the Communication
Time of a protocol. Although it is possible for indexed stateful protocols to
utilize pre-computation, stateless protocols would see the most improvement, so
our example protocol is a stateless protocol.
The phases of pre-computation protocols follow very similarly to that of non-
pre-computation protocols, as shown in figure 6.2. Pre-computed protocols in-
troduce a Pre-Computation phase that has to be completed before a session is
initiated. During this phase, the reader/database performs the most expensive
computational operations that were originally performed during Session Process
phase; in most cases it would be the hash operations, or cryptographic oper-
ations required for exhaustive search. Evidently, not all protocols can utilize
pre-computation, only those where such offloading is possible.
Figure 6.2: Communication of Pre-Computed Protocols
After most computation has been completed during the Pre-Computation
phase, the resulting Session Process phase requires only minimal computation.
In the most extreme examples, such as the protocol example given later in this
chapter, the reader is only required to perform a search of the pre-computed
data, which requires only minimal time. Using such a method, we are able to
reduce the Processing Time dramatically and consequently also the Communication
Time, thus allowing parties to be authenticated within a smaller timeframe.
6.5 EP-UAP: Efficient Passively-Untraceable Authentication Protocol
In this section, we present a simple example protocol showing how pre-computation
can be implemented. This protocol is based on the idea of Randomized Hash-
Lock [61], and can be considered the pre-computed implementation of the Ran-
domized Hash-Lock protocol. We will be analyzing the efficiency and security of
this protocol, and at the same time comparing it to both indexed stateful and
stateless protocols, in later sections.
6.5.1 EP-UAP Pre-Computation Process
Pre-computation of EP-UAP consists of three steps:
1. Numerous random numbers, RR1, RR2, RR3, . . . , are generated.
2. H(ID1R||RRn) is calculated for all existing ID1R using a generated RRn.
3. Using H(ID1R||RRn) as an index for RRn, all results are stored in the
database, after which we say that RRn is (pre-)computed.
The above process can be repeated until all possible values of RR are calculated,
if the resources of the database allow, or can be repeated until a predetermined
number of RR values are pre-computed. For maximum efficiency this process is
repeated until all possible values of RR are computed; however, as this can consume
a large amount of storage it is only recommended for reasonably small networks.
The protocol can also operate on a per-nonce generation basis. Here a nonce
is generated, with the succeeding database computation operations, when an
authentication session is required. Using such a process can be useful in low-flow
applications where authentication is requested infrequently.
Figure 6.3: EP-UAP Authentication Process
6.5.2 EP-UAP Authentication Process
Authentication between a reader and tag consists of the following three message
exchanges, as shown in figure 6.3:
• In the initial step the reader broadcasts a pre-computed RR along with a
communication query.
• After a query and RR have been received, T generates a fresh random nonce
RT which, in turn, is sent to R along with an authentication challenge mTR,
where mTR = H(ID1T||RR). T continues to compute the challenge check
message cT, where cT = H(ID2T||RT), whilst waiting for R's response.
• Once R receives the message (mTR, RT), it searches for an ID^i_1R where
H(ID^i_1R||RR) = mTR for the pre-computed RR.
  – If there exists an ID^i_1R where H(ID^i_1R||RR) = mTR, the tag is
  considered authentic and the communicating tag is identified as ID^i_1R.
  Subsequently the associated ID^i_2R is used to construct the challenge
  response message mRT, where mRT = H(ID^i_2R||RT). mRT is then sent
  back to T as a response to mTR. Once T receives mRT it verifies whether
  mRT = cT.
    ∗ If mRT = cT, R is deemed authentic and T unlocks for further
    communication.
    ∗ If mRT ≠ cT, R is considered hostile; consequently T terminates the
    current authentication session by ceasing further communication with R
    until it receives a new query.
  – If there is no ID^i_1R where H(ID^i_1R||RR) = mTR, T is considered
  hostile; consequently R terminates the current authentication session,
  ceasing further communication with T.
6.5.3 EP-UAP Post-Authentication Process
Following the authentication process is the post authentication process. Al-
though not technically part of the protocol description, this section provides an
outline of common anticipated scenarios. The use of the post-authentication
process is dependent on the security and resource requirements of a database.
Three likely scenarios are described below.
• In the first scenario, resources of the database are limited and maximum
security is not required. Under these conditions, the number of pre-computed
RR is most likely capped to a predetermined value in order to restrict the use
of resources on the database. After each successful authentication between tag
and reader/database, all values of H(ID1R||RRn) for the given RR are deleted
from the database to allow for a fresh RR to be pre-computed.
• In the second scenario, resources are limited but maximum security is
preferred. Under these conditions, the number of pre-computed RR is most
likely capped to a predetermined value in order to restrict the use of resources
on the database. A pool of all possible values of RR is also created and stored
in the database. After each successful authentication between tag and
reader/database, all values of H(ID1R||RRn) for the given RR are deleted from
the database to allow for a fresh RR to be pre-computed, and the value of the
authenticated RR is removed from the pool of available RR values. A fresh RR
is randomly selected from the pool. If there are no available RR, the pool is
recreated with all possible values of RR and the previous process is repeated.
• In the third scenario, resources are not limited and maximum security is
preferred. Under these conditions, the number of pre-computed RR is not
capped. A pool of all possible values of RR is also created and stored in the
database. After each successful authentication between tag and
reader/database, all values of H(ID1R||RRn) for the given RR are deleted from
the database to allow for a fresh RR to be pre-computed, and the value of the
authenticated RR is removed from the pool of available RR values. A fresh RR
is randomly selected from the pool. If there is no available RR in the pool, the
pool is recreated with all possible values of RR and the process is repeated.
The first time this occurs the database would have stored all possible values of
H(ID1R||RRn); thus no additional processing is required for future
authentication sessions until new tags are added, at which point all possible
values of H(ID1R||RRn) are created for the new ID.
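The pre-computation (6.5.1), authentication exchange (6.5.2) and first post-authentication scenario (6.5.3) above, as an added Python simulation that is not code from the thesis. It assumes H is SHA-256, 256-bit identifiers and nonces, an in-memory dictionary as the pre-computed database, and a single party acting as reader and database; it also counts the hash operations each side performs during the Session Process so the 3Ht figure of the efficiency analysis can be checked.

```python
"""EP-UAP simulation: pre-computation, authentication and post-authentication.

Added example (not code from the thesis). Assumptions: H is SHA-256, identifiers
and nonces are 256-bit, the pre-computed data lives in an in-memory dict, and
the reader and database are a single party.
"""
from __future__ import annotations

import hashlib
import secrets


def H(*parts: bytes) -> bytes:
    """H(x || y): SHA-256 over the concatenation of its arguments (assumption)."""
    return hashlib.sha256(b"".join(parts)).digest()


class Tag:
    """An RFID tag holding (ID1T, ID2T); counts its own hash operations."""

    def __init__(self, id1: bytes, id2: bytes) -> None:
        self.id1, self.id2 = id1, id2
        self.hashes = 0          # hash operations during the Session Process
        self.unlocked = False    # set once the reader's response verifies

    def respond(self, rr: bytes) -> tuple[bytes, bytes, bytes]:
        """Message b: (mTR, RT); cT is computed while waiting for the reader."""
        rt = secrets.token_bytes(32)
        m_tr = H(self.id1, rr)              # mTR = H(ID1T || RR)
        c_t = H(self.id2, rt)               # cT  = H(ID2T || RT)
        self.hashes += 2
        return m_tr, rt, c_t

    def verify(self, m_rt: bytes, c_t: bytes) -> bool:
        """Message c: accept the reader only if mRT == cT (constant-time compare)."""
        self.unlocked = secrets.compare_digest(m_rt, c_t)
        return self.unlocked


class ReaderDB:
    """Reader plus database: pre-computes H(ID1R || RR) tables indexed by RR."""

    def __init__(self, tags: dict[str, tuple[bytes, bytes]]) -> None:
        self.tags = tags                                  # label -> (ID1R, ID2R)
        self.table: dict[bytes, dict[bytes, str]] = {}    # RR -> {H(ID1R||RR): label}
        self.session_hashes = 0  # hashes performed during the Session Process only

    def precompute(self, count: int) -> None:
        """Steps 1-3 of 6.5.1: draw RR, hash every ID1R with it, store by index."""
        for _ in range(count):
            rr = secrets.token_bytes(32)
            self.table[rr] = {H(id1, rr): label
                              for label, (id1, _id2) in self.tags.items()}

    def query(self) -> bytes:
        """Message a: broadcast one of the pre-computed RR values."""
        return next(iter(self.table))

    def respond(self, rr: bytes, m_tr: bytes, rt: bytes) -> tuple[str, bytes] | None:
        """Session Process: one dict lookup and one hash; None means 'hostile tag'."""
        label = self.table.get(rr, {}).get(m_tr)
        if label is None:
            return None                       # no ID1R matches: terminate session
        _id1, id2 = self.tags[label]
        self.session_hashes += 1
        return label, H(id2, rt)              # mRT = H(ID2R || RT)

    def finish(self, rr: bytes) -> None:
        """Post-authentication scenario 1: drop the used RR, pre-compute a fresh one."""
        del self.table[rr]
        self.precompute(1)


def run_session(db: ReaderDB, tag: Tag) -> str | None:
    """One full EP-UAP session; returns the identified label or None on failure."""
    rr = db.query()
    m_tr, rt, c_t = tag.respond(rr)
    result = db.respond(rr, m_tr, rt)
    if result is None:
        return None
    label, m_rt = result
    if not tag.verify(m_rt, c_t):
        return None                           # reader failed the tag's check
    db.finish(rr)
    return label


def build_demo(n_tags: int = 3, n_rr: int = 2) -> tuple[ReaderDB, dict[str, Tag]]:
    """Constructed sample network: n_tags tags with random 256-bit identifiers."""
    ids = {f"tag{i}": (secrets.token_bytes(32), secrets.token_bytes(32))
           for i in range(n_tags)}
    db = ReaderDB(ids)
    db.precompute(n_rr)
    return db, {label: Tag(id1, id2) for label, (id1, id2) in ids.items()}


if __name__ == "__main__":
    db, tags = build_demo()
    print("identified:", run_session(db, tags["tag1"]))
    print("reader hashes:", db.session_hashes, "tag hashes:", tags["tag1"].hashes)
    print("unknown tag:", run_session(db, Tag(bytes(32), bytes(32))))
```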
6.6 Analysis of Protocols
In this section we compare the EP-UAP with three other protocols, an indexed
stateful protocol, LRMAP [25], and two stateless protocols, randomized hash-
lock [61] and a tree-based protocol proposed by Molnar et al. [44]. As most
indexed stateful protocols are of similar efficiency and scalability, any indexed
stateful protocol should be able to provide a general guideline regarding their
efficiency. Stateless protocols, however, are very different. We have chosen two of
the earliest protocols of each class of protocols which set very different efficiency
standards.
The randomized hash-lock is one of the first stateless protocols proposed and
is of linear time, whereas the tree-based protocol proposed by Molnar et al.,
one of the first protocols proposed in order to improve the efficiency of linear-
time stateless protocols, operates under logarithmic time. The efficiency of both
classes of stateless protocols has remained largely within the same range since
their introduction [62], thus they should be sufficient as a baseline comparison.
Overall the three protocols together should provide a good baseline comparison
on the efficiency of common RFID protocols.
6.6.1 Efficiency Analysis
First we discuss the efficiency of pre-computed protocols using EP-UAP as an
example. We focus only on the Session Process phase of the protocols, since if
we assume that all protocols are used for the same application, the efficiency of
the other phases would mostly remain constant. In this section, we take into
account the worst case scenario of each protocol. The following notation is used
throughout the remainder of this section.
N: The total number of tags
Ht: Time required to perform one cryptographic operation such as hashing
Tt: Time required to transmit one message
b: Branching factor of an M-ary tree-based protocol
The time required to complete the Session Process phase is given by the sum of
the total time of computations required on the reader/database and tag as well
as the time for messages to be exchanged. Most messages exchanged are in the
form of a challenge and response which is considered to be two messages, one
from the challenger (typically a tag), and one from the respondent (typically the
reader/database). Although practically there would be other factors involved,
such as communication between reader and database and the time required to
perform searches, these operations are typically not specified by most protocols;
hence we assume that these times are constant for all protocols thus omitted from
the comparison. A summary of the comparison is given in table 6.1; a graph of
the relationships between the number of tags and time required is also shown in
Figure 6.4.
Figure 6.4: Authentication Time vs Number of Tags
Protocol          Time Required                  Network Size
LRMAP             (6 [+ N])Ht* + 2Tt             Small - Large
Randomized H-L    (N)Ht + 2Tt                    Small
Tree-based        (b log_b N)Ht + (log_b N)Tt    Small - Medium
EP-UAP            3Ht + 2Tt                      Small - Medium
Table 6.1: Efficiency Comparison
* Under the worst case scenario, where the tag is de-synchronized, an
exhaustive search is required to be performed by the database.
LRMAP
In a typical scenario, the LRMAP protocol requires a total of 3 hash operations to
be performed by the tag and another 3 to be performed by the reader/database,
however in the case of de-synchronization the reader/database is required to
perform an exhaustive search on all identifiers stored increasing the amount of
hash operations required by N resulting in a total of 3 + N operations. Note
that LRMAP could be considered as a ‘hybrid’ protocol, where during normal use
it is an indexed stateful protocol, but functions similarly to stateless protocols
during de-synchronization. Hence here we focus on normal usage scenarios where
the tag is assumed to be synchronized. Using LRMAP as an example, we can
safely conclude that in typical situations an indexed stateful protocol can offer
constant authentication performance, i.e. the time required for authentication is
independent of the number of tags or other similar factors.
As expected, regardless of the situation only two messages are required to be
exchanged under the LRMAP protocol during Session Process phase — one as
an authentication challenge from the tag and the other a challenge response from
the reader/database. As with nearly all indexed stateful protocols, LRMAP can
be used on small to large networks assuming that de-synchronization is rare.
Randomized Hash-Lock
Unlike indexed stateful protocols, stateless protocols do not require identifiers to
be updated, neglecting the possibility of de-synchronization. As such the number
of hash operations required to be performed by the reader/database under the
randomized hash-lock protocol remains at a constant N, with only one hash
operation required by the tag. However, since the load of the reader/database
increases relative to the total number of tags in the network, the time required
can potentially become unrealistically high if there is a large number of tags,
hence this type of protocol is feasible on networks with a small number of tags.
Under all situations, two messages are required to be exchanged in the ran-
domized protocol during Session Process phase — one as an authentication chal-
lenge from the tag and the other a challenge response from the reader/database.
As the randomized hash-lock protocol requires up to N (average of N/2) hash
operations per authentication, putting a large amount of computational load on
the reader/database, it is feasible for use only on small networks.
Tree-based Protocols
Tree-based protocols make use of an M-ary tree in order to reduce the amount
of computation load on the database. However as we will outline, this approach
is not without its drawbacks. Using a typical top-down tree walking approach,
there would be a total of log_b N layers in the tree with each branch having b
identifiers. As such, under exhaustive search the total number of hashes required
to be performed by the reader/database would be b log_b N. The number of
operations required to be performed by the tag would consequently be the same.
Unlike the randomized hash-lock protocol, however, the tree-based protocol
authenticates by walking the tree layer by layer; consequently the total number
of messages required has also increased to log_b N, which is the total number of
layers in the tree. This is a major feasibility concern if a network has a large
number of tags but a small branching factor, as it would require an unrealistic
number of messages per authentication. On the other hand, if a network is to
have a large branching factor the protocol would require more computation in
exchange for fewer messages per session.
Due to their tree walking nature, tree-based protocols can be used on much
larger networks compared to linear-time stateless protocols. The decrease in com-
putational load to b number of hash operations per step is a dramatic decrease
when compared to N, keeping the computational load on the reader/database
much more manageable.
EP-UAP
As the hash operations required to be performed have already been pre-computed,
only the verification of authenticity remains. As such the pre-computed protocol
requires only 1 hash operation to be computed by the reader/database, whereas
the tag would only have to compute 2, one as an authentication challenge and
the other for verification. As expected, Session Process phase of EP-UAP is
completed after two message exchanges.
This is a dramatic decrease in all areas when compared to the other protocols.
Most importantly, the EP-UAP protocol, assuming that the number of tags in
the system remains constant, offers constant-time authentication, i.e. the time
required per authentication session remains constant regardless of the number
of tags, a feat achievable only by indexed stateful protocols.
Unlike other protocols, offloading the computational load during authentica-
tion by pre-computing the required operations places a new restriction on these
protocols, namely storage. Since pre-computed information must be stored in
the database, it might not be feasible if there is a large number of tags on the
network. Thus the deployment of pre-computed protocols is limited to small
to medium networks. Nevertheless, we believe this is a worthwhile investment
given the vast improvement in efficiency. It should also be noted that this pre-
computed ‘database’ does not have to be stored or computed at a central location;
in many situations it would be more beneficial to have multiple independent sys-
tems where needed. For example, in smaller networks it is very possible for the
computation and data storage to be managed by the reader.
6.6.2 Security Analysis
An analysis of the EP-UAP protocol is conducted using the privacy model pre-
sented in chapter 4. The protocol was shown to achieve Weak Passive+C1
Stateless Private which is weaker than that of the SK-Protocol which achieved
Weak Active+C1 Stateless Private. Thus in this particular example, the use
of pre-computation has weakened the protocol. However, it should be noted
that this is highly dependent on this particular implementation as the protocol
presented in chapter 7.6.2 does not exhibit this weakened property.
Theorem 6.6.1. The EP-UAP protocol is Weak Passive+C1 Stateless Private.
Proof:
The proof is given by the ability for the PRF adversary, APRF , to build a
distinguisher that can win the PRF game, shown in appendix A.1, with non-
negligible probability. This is done by using the privacy game adversary, AGame
which can win the privacy game with non-negligible probability.
The output of C will be used as the output of the PRF inside the privacy
game. The construction of the distinguisher is as follows:
• APRF interacts with AGame in place of the challenger CGame.
• SetupReader(rpd) is executed, followed by SetupTag(T) executed p times
with unique T [2], where p ≥ 2. For each unique SetupTag(T), APRF generates
and assigns values of K arbitrarily.
• Execute(T) is simulated by first generating two random nonces RRi and RTi
and retrieving ID1T and ID2T corresponding to the called T. New unique
values, πR and πT, are created and inserted respectively. Messages x1 and
x2 are then created, where x1 = ID1T||RRi and x2 = ID2T||RTi. x1 and x2 are
in turn given to C, which returns y1 and y2. Lastly, (πR, πT, [RRi, RTi, y1, y2], Y)
is returned.
• On CorruptTag(T), the values ID1T and ID2T corresponding to T are
returned. If T does not exist, φ is returned.
• On Sync, Y is returned.
• At the end of Phase 1, AGame selects two tags Ti, Tj, both of which have
not been corrupted. APRF selects c, where c ∈ {0,1}. If c = 0, Ti = Ta and
Tj = Tb; else Ti = Tb and Tj = Ta.
• The game continues on to Phase 2 with the operations of APRF functioning
as described for Phase 1.
• At the end of Phase 2, AGame outputs c′.
APRF then ends the game with C by outputting b′, where if c′ = c, b′ = 0, else
b′ = 1. Note that APRF wins the PRF game when b = b′; thus when b = 0, where
C uses the PRF, AGame outputs c′ = c with non-negligible probability. However,
when b = 1, C only replies with random messages, so it is not possible for
AGame to gain any advantage. Thus
$$
\begin{aligned}
\Pr(A \text{ wins}) &= \Pr(b = b') \\
&= \Pr(b' = 0 \mid b = 0)\cdot\tfrac{1}{2} + \Pr(b' = 1 \mid b = 1)\cdot\tfrac{1}{2} \\
&= \Pr(c' = c \mid b = 0)\cdot\tfrac{1}{2} + \Pr(c' \neq c \mid b = 1)\cdot\tfrac{1}{2} \\
&= \left(\tfrac{1}{2} + \varepsilon\right)\tfrac{1}{2} + \tfrac{1}{4} \\
&= \tfrac{1}{2} + \tfrac{\varepsilon}{2}
\end{aligned}
\tag{6.1}
$$
Therefore, if ε is non-negligible, ε/2 is also non-negligible. This concludes the proof.
Footnote 2: The uniqueness refers to the values of T.
6.7 Feasibility of EP-UAP
In this section we discuss the practical feasibility of pre-computation using the EP-UAP protocol as an example. The performance of the protocols will be compared by approximating the time required for one authentication in a network with the same number of tags. The network used in the comparison is a small-to-medium network with 406900 tags. Tag identifiers are taken to be 256 bits in length — most implemented tags today only use around 64-bit to 128-bit identifiers, and it is safe to assume that this number is only going to increase. It is also assumed that the database can process around 100MB of hash operations per second. This approximation is based on a dual-core processor operating at 1.83 GHz released in 2007; more modern processors commonly have more than twice the number of cores operating at more than twice the frequency, and quite possibly utilize more efficient architectures, hence this estimation should prove useful only as a baseline. We also estimate the time required to transmit one message to be approximately 20ms. The results in this section are computed using the formulas from Table 6.1 under the above estimations.
As the efficiency of tree-based protocols depends on the branching factor of the tree, b, we give three approximations of tree-based protocols: first with the minimum branching factor, a binary tree where $b = 2^1$; then a reasonable branching factor, where $b = 2^5$; and finally a large branching factor (relative to the number of tags), where $b = 2^{12}$.
| Protocol | Compute Time (ms) | Transmit Time (ms) | Process Time (ms) | Total Time (ms) |
|---|---|---|---|---|
| LRMAP | 1.46 × 10⁻³ | 40 | 40 | 40 |
| Rand. Hash-Lock | 1000 | 40 | 1040 | 1040 |
| Rand. Hash-Lock (avg) | 500 | 40 | 540 | 540 |
| Tree-based ($b = 2^1$) | 9.1 × 10⁻³ | 380 | 380 | 380 |
| Tree-based ($b = 2^5$) | 2.9 × 10⁻² | 80 | 80 | 80 |
| Tree-based ($b = 2^{12}$) | 15 | 40 | 45 | 45 |
| EP-UAP | 4.8 × 10⁻⁴ | 40 | 40 | 1040 |
Table 6.2: Comparison of Protocol Running Times
The results are given in Table 6.2. As shown in the table, indexed stateful protocols such as the LRMAP protocol are, as expected, the most efficient, requiring a minimum of only 40 ms, whereas the randomized hash-lock protocol requires the longest time. The most interesting of the figures are perhaps those for the tree-based protocols. In order to optimize a tree-based protocol, one must find a suitable balance between the computational load on the reader/database, which increases with the branching factor, and the number of messages required for authentication.
Aside from the authentication itself, in practice we also have to take into account the total time required for computation: the process time. Whereas with the other authentication protocols the total time required is in the same range as their process time, this is not the case for pre-computed protocols. The notion of pre-computation is to minimize the time required for the communication session by reallocating the time required for authentication into two periods, where the most time-consuming computations are processed before the session begins. However, the total of the two times remains unchanged. Another limitation of pre-computation protocols is the amount of storage required. Using the data from Table 6.2, where there are 406900 tags, the database is required to store at least 100 MB of data. This might not be a major problem, as most modern systems typically have multiple gigabytes of RAM, but it would nevertheless limit the rate of authentication, i.e. the number of authentications within a period of time.
One possible issue that limits the feasibility of pre-computation protocols is applications where there could be a continuous high rate of authentication, resulting in the number of required authentications exceeding the number of computations the database is capable of. This issue can be partially eased by either increasing the computational power of the database or increasing its memory; this is achievable as the two systems can be independent of each other. This increase can also be temporary in applications where there are predicted periods of high demand, such as workers arriving at and leaving work. However, we emphasize that a large network is required for such events to occur, one that we do not recommend for pre-computation.
6.8 Conclusion
This chapter investigates the use of pre-computation as a means to minimize the time required for authentication. By utilizing pre-computation we were able to construct the EP-UAP protocol to demonstrate the benefits as well as outline the drawbacks of the technique. We were able to show that by using pre-computation we are able to provide untraceability to a certain extent whilst remaining within the efficiency range of indexed stateful protocols, which do not provide any untraceability.
In addition, the technique should be applicable to most protocols which require an extensive amount of database computation during protocol execution. However, such protocols are only suited for small to medium networks due to possible storage constraints, but they are nevertheless an improvement over some stateless protocols which are only suited for small networks.
The technique explored in this chapter is used in a protocol constructed in the subsequent chapter in section 7.6.2. The protocol is comparatively more useful than the EP-UAP protocol since it provides a higher level of privacy at little expense of efficiency.
Chapter 7
Alternate Tree-Walking
7.1 Introduction
A large amount of research has focused on increasing the privacy of low-cost RFID networks. However, an increase in privacy often comes at the cost of efficiency on the database. Of particular interest are tree-based protocols, which require comparatively little computation but were later shown to be susceptible to information leakage.
In previous literature the tree-based protocols are often compared to the SK-protocol. They are also the most often compared due to their striking similarity. Their only difference is the use of shared secrets in the tree-based protocol, where the SK-protocol uses unique secrets. It can also be seen in chapter 4 and in the survey by Coisel et al. [19] that, due to their similarity, their privacy properties can be difficult to distinguish. Although the model presented in chapter 4 is able to distinguish between the two protocols, where the SK-protocol can achieve a higher level of privacy compared to the tree-based protocol due to the leakage of the tree-based protocol, it does not give indications on the severity of the leakage. Thus one of the purposes of this chapter is to analyze the details of these differences.
This chapter also presents a scheme to minimize the privacy leakage in tree-based protocols before presenting two protocols. In addition, this chapter identifies a limitation, and then proposes an extension, of a current method of measuring privacy leakage in RFID protocols. The protocols proposed are shown to leak significantly less information compared to currently proposed protocols whilst only requiring one-third of the computation when pre-computation is used. Also discussed is the work required to attack the protocols; it is shown that an attacker is required to perform significantly more work to succeed.
7.2 Previous Work
This section will first outline a metric for measuring leakage of privacy in RFID protocols before discussing currently proposed protocols. Each of the current protocol types will also be analyzed using this metric. Also of interest is the amount of computation required for each of the schemes to achieve its level of privacy.
Unlike the model presented in chapter 4, the experiments throughout this chapter are designed to capture different properties. The aim of the experiments in this chapter is specifically to explore the difference in privacy properties of different protocols where the number of corruptions is bounded. Whereas the model is used to distinguish between the many different privacy properties of different protocols, the experiments in this chapter only consider one property, corruption, but in greater detail.
7.2.1 Measuring Privacy Leakage
The amount of privacy leakage has been analyzed and quantified in a number of works [8, 14, 30, 47]. This chapter will focus on the work in [8] by Avoine et al. In that work, leakage is measured as the probability that an adversary can distinguish between two tags in a privacy attack experiment. The experiment can be considered as follows:
1. The adversary draws one tag, $T_0$, and obtains its full set of secrets. The tag is put back into circulation.
2. The adversary is then randomly given a tag $T_j$ and is allowed to query the tag as much as it wants. However, the adversary is not allowed to reveal the secrets of the tags.
3. The adversary is now given two tags, $T_1$ and $T_2$, such that $T_j \in \{T_1, T_2\}$. The adversary wins the experiment if it outputs i such that $T_i = T_j$.
In the experiment, the adversary is only given the power to query tags, i.e. to pretend to be a reader and interact with a tag. It should also be noted that the method is based on the following assumptions. Firstly, all secrets are chosen from a uniformly random distribution, thus secrets should not be correlated with each other. Secondly, the adversary cannot carry out an exhaustive search over all possible values. Finally, the only way for an adversary to obtain the secret of a tag is by tampering with the tag.
The notation used throughout this chapter follows closely the notation used by Avoine in [8]. A secret is written $k^l_s$, where l denotes the layer to which the secret belongs and s identifies the secret within layer l.
7.2.2 Linear Protocols
Linear protocols require a linear number of computations per authentication attempt and so are one of the most inefficient types of RFID protocol. In these protocols, each tag $T_i$ shares a single unique secret, $k_i$, with the reader. A generic construction of a linear-time protocol based on the randomized hash-lock is shown in figure 7.1. For every run of the protocol, the reader/database generates a random nonce, $N_R$, which is sent to the tag at the start of the protocol. The tag in turn generates another nonce, $N_T$, which is sent along with $H(N_R \| N_T \| k)$, where H is a pseudo-random function. The reader/database is then required to perform an exhaustive search, computing $H(N_R \| N_T \| k)$ for all secrets k in the system. Thus the database is required to perform a total of N operations per authentication attempt, where N is the total number of tags in the system.

Reader (k)                                       Tag (k)
        -------------------- NR -------------------->
        <------------ H(NR‖NT‖k), NT ----------------
        --------------- Accept/Reject -------------->
Figure 7.1: Linear Time Protocol
Aside from the high computational requirement, however, linear protocols have the advantage of no privacy leakage, as the secrets stored are not related between tags. Using the experiment from section 7.2.1, the only cases where the adversary is able to win are when either $T_1$ or $T_2$ is $T_0$. As such, the cases are as follows:
• C1: $(k_0 = k_1) \wedge (k_0 \neq k_2)$, then the attack succeeds,
• C2: $(k_0 \neq k_1) \wedge (k_0 = k_2)$, then the attack succeeds,
• C3: $(k_0 \neq k_1) \wedge (k_0 \neq k_2)$, then the attack definitely fails.
Thus, the probability of winning is:
$$
\Pr(win) = \Pr(C1) \vee \Pr(C2) = 2\left(\frac{1}{N}\right)\left(\frac{N-1}{N}\right) = \frac{2N-2}{N^2}
$$
7.2.3 Tree-Based Protocols
Tree-based authentication was proposed in 2004 by Molnar et al. [44]. They introduced the concept of a hierarchical arrangement of tags that significantly improves the efficiency of the authentication protocol at the reader. The main motivation behind this approach is to solve the scalability issue associated with linear protocols. This approach has since been considered one of the most efficient methods of private authentication proposed [8]; however, it is not without limitations and drawbacks. The following section discusses both the advantages and limitations of this approach when compared to traditional approaches that do not use any explicit tag-organizing structure.
The key difference between the tree-based and linear methods of authentication lies in how the search proceeds: tree-based protocols take a top-down approach, i.e. they walk the tree layer-by-layer from the top as shown in figure 7.2, whereas other protocols take a horizontal or linear approach, i.e. using the same analogy but with only one layer. Thus, each tag in the same branch shares the same secret. In the end, it is possible that a tag does not share any unique secret with the database, but instead a unique set of secrets.
As shown in figure 7.2, authentication is now completed in a number of steps. During each step, the database has to perform an exhaustive search within a branch (instead of the entire set of tags). Hence the number of computations required on the reader/database of systems using a tree-based protocol has been reduced to $b \log_b N$.
Figure 7.2: M-ary Tree Walking
CR/MW Protocol
Along with the scheme discussed above, the CR/MW protocol, shown in figure 7.3, was proposed. Since tags are arranged in a tree, and each tag is to store multiple secrets, each corresponding to its branch in the tree, the protocol has to be repeated for each layer in the tree. For each layer an exhaustive search of the secrets within the branch is therefore required. For every protocol run the reader generates a random nonce $N_R$, sent to the tag as a query. The tag in turn generates a random nonce, $N_T$, which is sent back along with $k_i \oplus f_s(0 \| N_R \| N_T)$, where $f_s$ is a pseudo-random function. Finally the reader replies with $k_i \oplus f_s(1 \| N_R \| N_T)$ to finish mutual authentication before the protocol is executed again for the next layer.
Reader                                           Tag (k1, k2, k3, ... k*)
        -------------------- NR -------------------->
        <----------- ki⊕fs(0‖NR‖NT), NT -------------
        ------------ ki⊕fs(1‖NR‖NT) ---------------->
        ... repeat for all k
Figure 7.3: CR/MW Scheme
When using the CR/MW scheme tags can be authenticated within $b \log_b N$ computations, where N is the total number of tags in the system and b is the branching factor of the tree. This is a dramatic improvement to the computational efficiency for the reader and/or database, especially in large networks where a large number of tags are present. Whereas a decrease in operational load on the reader typically implies an increase on the tag, this is not the case in this situation. The number of operations required per iteration of the protocol remains constant.
Whilst there are significant advantages when using a tree-based structure, it is not without drawbacks. Several potential drawbacks of a tree-based system include the leakage of information and the number of messages required per authentication session.
One of the most significant drawbacks of using an M-ary tree-based approach is the leakage of information when the secrets of tags are revealed. Whereas in linear protocols there exists only one unique secret per tag, in tree-based protocols there are multiple secrets per tag, of which most are shared with other tags. Thus revealing the secrets of one or multiple tags will dramatically reduce the privacy of the system as a whole.
Thus the possible outcomes of the experiment at layer i are as follows:
• $C1_i = (k^i_0 = k^i_1) \wedge (k^i_0 \neq k^i_2)$, then the attack succeeds,
• $C2_i = (k^i_0 \neq k^i_1) \wedge (k^i_0 = k^i_2)$, then the attack succeeds,
• $C3_i = (k^i_0 \neq k^i_1) \wedge (k^i_0 \neq k^i_2)$, then the attack definitely fails,
• $C4_i = (k^i_0 = k^i_1 = k^i_2)$, then the attack fails at level i but can move on to the next level i + 1.
The probability of an adversary winning the experiment is as below, where δ denotes the branching factor of the tree and l the number of layers.
$$
\begin{aligned}
\Pr(win) &= \Pr(C1_1 \vee C2_1) + \sum_{i=2}^{l}\left(\Pr(C1_i \vee C2_i) \times \prod_{j=1}^{i-1}\Pr(C4_j)\right) \\
&= \frac{2(\delta-1)}{\delta^2} + \sum_{i=2}^{l}\left(\frac{2(\delta-1)}{\delta^2}\left(\frac{1}{\delta^2}\right)^{i-1}\right) \\
&= 2(\delta-1)\,\frac{1-\left(\frac{1}{\delta^2}\right)^{l}}{1-\frac{1}{\delta^2}}\cdot\frac{1}{\delta^2}.
\end{aligned}
$$
Avoine et al. [8] also showed that the probability of the adversary winning
can be lowered significantly if the branching factor, δ, is sufficiently large.
7.2.4 Group Protocols
A proposal to improve the tree-based scheme by Avoine et al. [6] is in the form of group protocols. In group protocols, tags are arranged into different groups instead of a tree. It can also be considered that in this approach, tags are arranged into a two-layer tree. The number of secrets required to be stored by the tag has also been reduced to only two: a group secret $k_1$ and a tag secret $k_2$. Structurally, assuming that all groups are balanced, in a system with N tags there are to be $N^{1/2}$ groups with $N^{1/2}$ elements (tags) each.
The group protocol proposed by Avoine et al. is shown in figure 7.4. For each protocol execution the reader generates a random nonce, $N_R$, which is sent to the tag. The tag then also generates a nonce, $N_T$, and replies with the message $E_{k_1}(N_R \| N_T), E_{k_2}(N_R \| N_T)$. After receiving the message, the database tries to decrypt $E_{k_1}(N_R \| N_T)$ trying all group secrets, $k_1$. Once a match is found, the database continues to decrypt $E_{k_2}(N_R \| N_T)$ using all $k_2$s within the group. Thus the number of computations required by the database is now $2N^{1/2}$.

Reader (k1, k2)                                  Tag (k1, k2)
        -------------------- NR -------------------->
        <-------- Ek1(NR‖NT), Ek2(NR‖NT) ------------
        --------------- Accept/Reject -------------->
Figure 7.4: Group Protocol
The possible outcomes of the privacy experiment are now as follows:
• $C1 = (k^1_0 = k^1_1) \wedge (k^1_0 \neq k^1_2)$, then the attack succeeds,
• $C2 = (k^1_0 \neq k^1_1) \wedge (k^1_0 = k^1_2)$, then the attack succeeds,
• $C3 = ((k^1_0 \neq k^1_1) \wedge (k^1_0 \neq k^1_2)) \wedge ((k^2_0 \neq k^2_1) \wedge (k^2_0 \neq k^2_2))$, then the attack definitely fails,
• $C4 = (k^2_0 = k^2_1) \wedge (k^2_0 \neq k^2_2)$, then the attack succeeds,
• $C5 = (k^2_0 \neq k^2_1) \wedge (k^2_0 = k^2_2)$, then the attack succeeds.
In order to obtain the minimum leakage of privacy, it is assumed that tag secrets, $k_2$, are unique within the entire system. Thus when there are N tags, the number of possible $k_1$ values is $N^{1/2}$ and the number of possible $k_2$ values is N. Under the given assumptions, we obtain the following:
$$
\Pr(win) = \Pr(C1) \vee \Pr(C2) \vee \Pr(C4) \vee \Pr(C5) = \frac{2N^{1/2} - 2}{N} + \frac{2N - 2}{N^2}
$$
7.3 Alternate-Tree Walking (ATW)
The privacy of the CR/MW scheme is heavily dependent on the branching factor of the top layer [14]; however, it is not feasible to increase the branching factor indefinitely. Thus this chapter proposes the alternate-tree walking scheme to circumvent this problem. The resulting scheme significantly reduces the amount of leakage compared to traditional tree-based (and group) protocols whilst maintaining a reasonable computational load on the database. The core concept of alternate-tree walking is to start authentication from a layer in between the top and bottom layers of a tree, as opposed to authenticating sequentially from top to bottom. The execution of the protocol is shown in figure 7.5. It should be repeated that the protocol shown is an example protocol that uses the Alternate-Tree Walking approach; a concrete protocol is given later in section 7.4.2.

Reader                                           Tag (k1, k2, k3)
        -------------------- NR -------------------->
        <----------- ki⊕fs(2‖NR‖NT), NT -------------
        --------------- Accept/Reject -------------->
        <----------- ki⊕fs(1‖NR‖NT) -----------------
        --------------- Accept/Reject -------------->
        <----------- ki⊕fs(3‖NR‖NT) -----------------
        --------------- Accept/Reject -------------->
Figure 7.5: ATW Scheme
Before further detailing the approach, we outline the structural differences between an M-ary tree and a 3-layer tree. In a 3-layer tree each tag only has to store 3 secrets, $k_1, k_2, k_3$. Whereas in a balanced 3-layer tree the branching factor is always $N^{1/3}$, where N is the total number of tags in the system, an M-ary tree does not set any limits on its branching factor and consequently the number of layers, making direct comparisons difficult. Therefore the remainder of this section will compare the approaches under a 3-layer tree structure. It should be emphasized that this tends to increase the advantage of the traditional tree-based approach, because this is when its branching factor is maximized and thus its leakage is also minimal.
7.3.1 ATW in a 3-layer tree
As shown in figure 7.6, authentication is completed in 3 steps starting from the middle layer. Whereas the traditional tree-based approach authenticates sequentially down the tree, this approach starts from the middle, goes back to the top, and then works down the tree. In essence, this approach achieves the benefits of a large branching factor without altering the structure of the tree. In a tree structure it is required that all secrets be unique within a branch; thus in the traditional tree-based approach the number of possible unique secrets in the initial branch is limited to its branching factor. However, by starting authentication from a middle layer, the number of possible unique secret values has increased to $N^{2/3}$, from $N^{1/3}$ in the traditional approach and $N^{1/2}$ in group protocols.
Figure 7.6: Alternate Tree-Walking
Also suggested in figure 7.6 is the possibility of shared layer-two secrets. Since the benefit of reduced information leakage comes at the expense of the computations required, by allowing secrets to be shared between branches it is possible to establish a trade-off between computations required and information leaked. This trade-off will be further explored in the next section.
7.3.2 Comparison
In this section the proposed approach and previous proposals will be compared using the experiment from section 7.2.1. For the rest of the section all tree-based approaches are compared using the same 3-layer tree; thus when there are N tags in the system the branching factor will be $N^{1/3}$. It is also assumed in this section that the ATW scheme uses the CR/MW protocol.
In the ATW scheme, the possible outcomes of the experiment are as follows:
• $C1 = (k^2_0 = k^2_1) \wedge (k^2_0 \neq k^2_2)$, then the attack succeeds,
• $C2 = (k^2_0 \neq k^2_1) \wedge (k^2_0 = k^2_2)$, then the attack succeeds,
• $C3 = (k^2_0 \neq k^2_1) \wedge (k^2_0 \neq k^2_2)$, then the attack definitely fails,
• $C4 = (k^2_0 = k^2_1 = k^2_2)$, then the following cases are possible:
  – $C4.1 = (k^1_0 = k^1_1) \wedge (k^1_0 \neq k^1_2)$, then the attack succeeds,
  – $C4.2 = (k^1_0 \neq k^1_1) \wedge (k^1_0 = k^1_2)$, then the attack succeeds,
  – $C4.3 = (k^1_0 \neq k^1_1) \wedge (k^1_0 \neq k^1_2)$, then the attack definitely fails,
  – $C4.4 = (k^1_0 = k^1_1 = k^1_2)$, then the following cases are possible:
    ∗ $C4.4.1 = (k^3_0 = k^3_1) \wedge (k^3_0 \neq k^3_2)$, then the attack succeeds,
    ∗ $C4.4.2 = (k^3_0 \neq k^3_1) \wedge (k^3_0 = k^3_2)$, then the attack succeeds,
    ∗ $C4.4.3 = (k^3_0 \neq k^3_1) \wedge (k^3_0 \neq k^3_2)$, then the attack definitely fails.
From the above, it is possible to obtain the following probability:
$$
\begin{aligned}
\Pr(win) &= \Pr(C1) \vee \Pr(C2) \vee \Pr\big(C4 \wedge (\Pr(C4.1) \vee \Pr(C4.2) \vee \Pr(C4.4 \wedge (\Pr(C4.4.1) \vee \Pr(C4.4.2))))\big) \\
&= \frac{2}{N^{2/3}}\left(\frac{N^{2/3}-1}{N^{2/3}}\right) + \frac{1}{N^{4/3}}\left(\frac{2}{N^{1/3}}\left(\frac{N^{1/3}-1}{N^{1/3}}\right) + \frac{1}{N^{2/3}}\left(\frac{2}{N^{1/3}}\left(\frac{N^{1/3}-1}{N^{1/3}}\right)\right)\right) \\
&= \frac{2N^{2/3}-2}{N^{4/3}} + \frac{1}{N^{4/3}}\left(\frac{2N^{1/3}-2}{N^{2/3}} + \frac{2N^{1/3}-2}{N^{4/3}}\right)
\end{aligned}
$$
Similarly, the probability of the traditional approach in a 3-layer tree is given below:
$$
\Pr(win) = \frac{2N^{1/3}-2}{N^{2/3}} + \frac{2N^{1/3}-2}{N^{4/3}} + \frac{2N^{1/3}-2}{N^{6/3}}
$$
Also included in the comparison are group and linear protocols. It should be noted that, consistent with previous sections, only group protocols are assumed to have N $k_2$ values, whereas both tree schemes are assumed to have $N^{1/3}$ $k_1$, $k_2$ and $k_3$ values.
Figure 7.7: Leakage Comparison between Schemes
| No. Tags | CR/MW | Group | Linear | ATW |
|---|---|---|---|---|
| 100 | 35% | 20% | 2% | 9% |
| 500 | 22% | 8.9% | 0.4% | 3% |
| 1000 | 18% | 6.3% | 0.2% | 2% |
| 5000 | 11% | 2.8% | 0.04% | 0.7% |
Table 7.1: Leakage Comparison of Different Schemes
The comparison of the adversary advantage is shown in figure 7.7 and table 7.1. Evidently, the leakage of ATW is notably lower compared to previous proposals. In particular, the level of leakage approaches that of linear protocols, as shown in figure 7.7.
7.4 Limitations of Privacy Leakage Measurement: The Extended Experiment
The experiment from [8], detailed in section 7.2.1, does not take into consideration the ability of an adversary to view transcripts of past successful sessions, a potentially major increase in the leakage of information. In a library scenario, transcripts can be obtained by an adversary eavesdropping on the communication between a reader (typically close to doors) and tags (attached to books) as they are carried out. Having access to transcripts significantly increases the probability of the adversary winning in the CR/MW scheme, as the adversary is able to compare all secrets at the same time, as opposed to being given the next iteration of the protocol only when $(k^i_0 = k^i_1 = k^i_2)$. Thus this section proposes an extension to the experiment from section 7.2.1 that also considers the adversary's ability to view successful protocol transcripts. The experiments will subsequently be compared.
In the new experiment, only steps 2 and 3 need to be changed. The experiment is now as follows:
1. The adversary draws one tag, $T_0$, and obtains its full set of secrets, $K^1_0, K^2_0, K^3_0$, etc. The tag is put back into circulation.
2. The adversary is then randomly given a tag $T_j$ and is allowed to query the tag and request past successful protocol transcripts as much as it wants. However, the adversary is not allowed to reveal the secrets of the tags.
3. The adversary is now given two tags, $T_1$ and $T_2$, such that $T_j \in \{T_1, T_2\}$, and is allowed to query both tags and request past successful protocol transcripts as much as it wants. The adversary wins the experiment if it can output i such that $T_i = T_j$.
7.4.1 Comparison of experiment
In this section, the proposed extension of the experiment will be compared with the original using the CR/MW scheme. Using the same 3-layer tree from previous sections, the possible outcomes of the extended experiment in the CR/MW scheme become as follows:
• $C1 = (k^1_0 = k^1_1) \wedge (k^1_0 \neq k^1_2)$, then the attack succeeds,
• $C2 = (k^1_0 \neq k^1_1) \wedge (k^1_0 = k^1_2)$, then the attack succeeds,
• $C3 = (k^2_0 = k^2_1) \wedge (k^2_0 \neq k^2_2)$, then the attack succeeds,
• $C4 = (k^2_0 \neq k^2_1) \wedge (k^2_0 = k^2_2)$, then the attack succeeds,
• $C5 = (k^3_0 = k^3_1) \wedge (k^3_0 \neq k^3_2)$, then the attack succeeds,
• $C6 = (k^3_0 \neq k^3_1) \wedge (k^3_0 = k^3_2)$, then the attack succeeds,
• $C7 = ((k^1_0 \neq k^1_1) \wedge (k^1_0 \neq k^1_2)) \wedge ((k^2_0 \neq k^2_1) \wedge (k^2_0 \neq k^2_2)) \wedge ((k^3_0 \neq k^3_1) \wedge (k^3_0 \neq k^3_2))$, then the attack definitely fails.
Thus:
$$
\Pr(win) = \Pr(C1) \vee \Pr(C2) \vee \Pr(C3) \vee \Pr(C4) \vee \Pr(C5) \vee \Pr(C6)
$$
For a more meaningful comparison, two cases of the CR/MW scheme will be considered in the new experiment: its best-case and worst-case scenarios. In the best-case scenario, all $k_3$ and $k_2$ secrets are assumed to be unique within their layer. Thus there are N possible values of $k_3$ and $N^{2/3}$ possible values of $k_2$. In the worst-case scenario, however, all secrets are assumed to be unique only within their branch. As such there are $N^{1/3}$ possible values of $k_3$ and $N^{1/3}$ possible values of $k_2$. The probabilities are as follows:
$$
\Pr(win\text{-}best) = \frac{2N^{1/3}-2}{N^{2/3}} + \frac{2N^{2/3}-2}{N^{4/3}} + \frac{2N-2}{N^2}
$$
$$
\Pr(win\text{-}worst) = \frac{6N^{1/3}-6}{N^{2/3}}
$$
| No. Tags | Old Experiment | New Experiment, Best Case | New Experiment, Worst Case |
|---|---|---|---|
| 100 | 35% | 45% | 99% |
| 500 | 22% | 26% | 66% |
| 1000 | 18% | 20% | 54% |
| 5000 | 11% | 12% | 33% |
Table 7.2: Comparison of Experiments
The results of the comparison are presented in table 7.2 and figure 7.8. It should be emphasized that in the old experiment, the values presented use the same tree structure as the worst-case scenario in the extended experiment. The table shows that, throughout the experiments under the same conditions, the probability of the adversary winning when given successful protoc
ol transcripts increases three-fold. Interestingly, it can be observed that, even in the best-case scenario, the probability of the adversary with transcripts winning is still higher than the worst case of the one without. Nevertheless, it is apparent that this additional power of the adversary does not have any effect on group and linear protocols.
As a side note, once the adversary is given transcripts, the ATW scheme does not gain any privacy advantage over the CR/MW scheme. For the rest of the chapter the best-case scenario from the extended experiment will be used as a baseline for the CR/MW scheme.
Figure 7.8: Comparison of Experiments
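The closed forms of sections 7.2.2 to 7.4.1 can be checked numerically. The following Python module is an added example, not code from the thesis: it evaluates each scheme's win probability from the number of possible secret values at each step the adversary tests (a sequential walk for the original experiment, summed layers for the transcript experiment, as the page does), reproduces Tables 7.1 and 7.2, and checks the sequential formula with a small Monte Carlo simulation of the experiment. Function names are my own.

```python
"""Leakage of the privacy experiment (section 7.2.1) and of its transcript
extension (section 7.4) for the schemes compared in Tables 7.1 and 7.2.

A scheme is described by the number of possible secret values at each step the
adversary tests.  The adversary knows T0's secrets; at a layer with k values a
random tag shares T0's secret with probability 1/k.
"""
import random


def layer_win(k):
    """Pr(C1 or C2) at one layer: exactly one of T1, T2 shares T0's secret."""
    return 2 * (k - 1) / k ** 2


def layer_tie(k):
    """Pr(C4) at one layer: T0, T1 and T2 all share the secret (walk continues)."""
    return 1 / k ** 2


def sequential(sizes):
    """Original experiment: layers are walked in order, and layer i is only
    reached after a tie at every earlier layer (sum_i p_i * prod_{j<i} q_j)."""
    total, reach = 0.0, 1.0
    for k in sizes:
        total += reach * layer_win(k)
        reach *= layer_tie(k)
    return total


def parallel(sizes):
    """Extended experiment: transcripts expose every layer at once, so the
    page sums the per-layer probabilities (this can exceed 1 for tiny N)."""
    return sum(layer_win(k) for k in sizes)


def linear(n):
    return sequential([n])                           # (2N - 2) / N^2


def group(n):
    # both E_k1 and E_k2 sit in one message, so both layers are tested at once
    return parallel([n ** 0.5, n])


def crmw(n, layers=3):
    delta = n ** (1 / layers)                        # balanced tree
    return sequential([delta] * layers)


def atw_scheme(n):
    # walk middle layer (N^(2/3) values) -> top (N^(1/3)) -> bottom (N^(1/3))
    return sequential([n ** (2 / 3), n ** (1 / 3), n ** (1 / 3)])


def crmw_transcripts(n, best=True):
    """CR/MW under the extended experiment (Table 7.2, best or worst case)."""
    delta = n ** (1 / 3)
    return parallel([delta, n ** (2 / 3), n] if best else [delta] * 3)


def pct(p, digits=0):
    """Percentage rounded the way the thesis tables report it."""
    return round(100 * p, digits)


def simulate(sizes, trials, seed=1):
    """Monte Carlo version of sequential() for integer layer sizes: draw fresh
    uniform secrets for T0, T1, T2 at each layer and count runs where exactly
    one tag matches T0 before a double non-match ends the walk."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        for k in sizes:
            s0 = rng.randrange(k)
            m1 = rng.randrange(k) == s0
            m2 = rng.randrange(k) == s0
            if m1 != m2:                             # C1 or C2: adversary wins
                wins += 1
                break
            if not m1:                               # C3: both differ, fails
                break
    return wins / trials


def leakage_table(sizes_of_n=(100, 500, 1000, 5000)):
    """Rows of Table 7.1: (N, CR/MW, Group, Linear, ATW) in percent."""
    return [(n, pct(crmw(n)), pct(group(n), 1), pct(linear(n), 2), pct(atw_scheme(n), 1))
            for n in sizes_of_n]


if __name__ == "__main__":
    for row in leakage_table():
        print(row)
    print("N=1000 CR/MW closed form %.4f, simulated %.4f"
          % (crmw(1000), simulate([10, 10, 10], 100000)))
```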
7.4.2 The ATW Protocol
Using the ATW scheme with the CR/MW protocol does not gain any privacy advantage over using the CR/MW scheme. Simply by analyzing protocol transcripts it is possible for an adversary to gain the same amount of information as in the original approach. Thus the remainder of this section will be used to propose protocols designed to take advantage of the reduced information leakage of the ATW scheme.

Reader                                           Tag (k1, k2, k3)
        -------------------- NR -------------------->
        <---- H(NT‖NR‖k2)‖[H(NR‖k1)⊕H(NT‖k3)], NT ---
        --------------- Accept/Reject -------------->
Figure 7.9: Alternate-Tree Walking Protocol (ATW-Protocol)
Figure 7.9 shows the ATW protocol designed to take advantage of the alternate-tree walking scheme. Evidently, transcripts of this protocol do not leak any more information than necessary. In the protocol, the database first verifies the message by computing $H(N_T \| N_R \| k_2)$ for all $k_2$, after which it looks up the $k_1$ under which the matching $k_2$ exists. The database then only computes the values of $H(N_R \| k_1) \oplus H(N_T \| k_3)$ for which $k_2$ exists under $k_1$ and $k_3$ exists under $k_2$.
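Added example (my own code, not the thesis's): a toy Python implementation of the exchange in figure 7.9 with both the tag and the database side, showing that the database searches all of layer 2 once and then only the $k_3$ values beneath the matching $k_2$. It assumes SHA-256 as H over fixed-width fields, 16-byte nonces, 32-byte secrets and a balanced 3-layer tree stored as two maps keyed by $k_2$.

```python
"""Toy implementation of the ATW protocol of figure 7.9 (tag and database sides).

Assumptions that are mine, not the thesis's: H is SHA-256 over fixed-width
fields (16-byte nonces, 32-byte secrets) so that a‖b is unambiguous, and the
database stores the 3-layer tree as two maps keyed by the layer-2 secret k2.
"""
import hashlib
import hmac
import os

NONCE_LEN = 16
KEY_LEN = 32


def H(*parts):
    """Hash of the concatenation of fixed-width byte fields."""
    return hashlib.sha256(b"".join(parts)).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def build_tree(delta, rng=os.urandom):
    """Balanced 3-layer tree with branching factor delta (N = delta**3 tags).
    Returns the tags as (k1, k2, k3) triples plus the database's parent and
    children maps: parent_k1[k2] -> k1 and children_k3[k2] -> [k3, ...]."""
    tags, parent_k1, children_k3 = [], {}, {}
    for _ in range(delta):
        k1 = rng(KEY_LEN)
        for _ in range(delta):
            k2 = rng(KEY_LEN)
            parent_k1[k2] = k1
            children_k3[k2] = [rng(KEY_LEN) for _ in range(delta)]
            tags.extend((k1, k2, k3) for k3 in children_k3[k2])
    return tags, parent_k1, children_k3


def tag_respond(tag, n_r, rng=os.urandom):
    """Tag side: H(NT‖NR‖k2) ‖ [H(NR‖k1) ⊕ H(NT‖k3)], NT."""
    k1, k2, k3 = tag
    n_t = rng(NONCE_LEN)
    return H(n_t, n_r, k2) + xor(H(n_r, k1), H(n_t, k3)), n_t


def db_verify(parent_k1, children_k3, n_r, msg, n_t):
    """Database side, walking layer 2 -> layer 1 -> layer 3 as in section 7.4.2.
    Returns (identified tag or None, number of H evaluations performed)."""
    part_k2, part_k1k3 = msg[:32], msg[32:]
    hashes = 0
    for k2, k1 in parent_k1.items():                 # search all of layer 2
        hashes += 1
        if not hmac.compare_digest(H(n_t, n_r, k2), part_k2):
            continue
        h_k1 = H(n_r, k1)                            # k1 is fixed once k2 is known
        hashes += 1
        for k3 in children_k3[k2]:                   # only the k3 values under k2
            hashes += 1
            if hmac.compare_digest(xor(h_k1, H(n_t, k3)), part_k1k3):
                return (k1, k2, k3), hashes
        return None, hashes                          # k2 matched but no k3 did
    return None, hashes                              # unknown k2: reject


def run_authentication(parent_k1, children_k3, tag, rng=os.urandom):
    """One full protocol run for `tag`; returns db_verify's result."""
    n_r = rng(NONCE_LEN)                             # reader's challenge NR
    msg, n_t = tag_respond(tag, n_r, rng)
    return db_verify(parent_k1, children_k3, n_r, msg, n_t)


if __name__ == "__main__":
    tags, parent, children = build_tree(4)           # N = 64 tags
    found, cost = run_authentication(parent, children, tags[37])
    print("identified:", found == tags[37], "H evaluations:", cost, "of N =", len(tags))
```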
Since $H(N_R \| k_1) \oplus H(N_T \| k_3)$ is used to authenticate layers 1 and 3 together, it should be noted that the leakage of information using this protocol is less than that given in the previous section. If $D = H(N_R \| k_1) \oplus H(N_T \| k_3)$, the possible outcomes of winning are:
• C1: $(k^1_0 = k^1_1) \wedge (k^1_0 \neq k^1_2)$
• C2: $(k^1_0 \neq k^1_1) \wedge (k^1_0 = k^1_2)$
• C3: $(D_0 = D_1) \wedge (D_0 \neq D_2)$
• C4: $(D_0 \neq D_1) \wedge (D_0 = D_2)$
For consistency the best-case tree structure, where there are N possible values of $k_3$ and $N^{2/3}$ possible values of $k_2$, will be used. The overall probability of winning is:
$$
\begin{aligned}
\Pr(win) &= \Pr(C1) \vee \Pr(C2) \vee \Pr(C3) \vee \Pr(C4) \\
&= 2\left(\frac{1}{N^{2/3}}\right)\left(\frac{N^{2/3}-1}{N^{2/3}}\right) + 2\left(\frac{1}{N^{4/3}}\right)\left(\frac{N^{4/3}-1}{N^{4/3}}\right) \\
&= \frac{2N^{2/3}-2}{N^{4/3}} + \frac{2N^{4/3}-2}{N^{8/3}}
\end{aligned}
$$
The resulting leakages are shown in table 7.3. As the plot of the overall results resembles that of figure 7.7, it will not be repeated. The results are particularly interesting as the leakage of the ATW protocol has been reduced by more than 50% compared with when the ATW scheme was evaluated using the CR/MW protocol.
| No. Tags | CR/MW Protocol | Group | Linear | ATW Protocol |
|---|---|---|---|---|
| 100 | 9% | 20% | 2% | 4% |
| 500 | 3% | 8.9% | 0.4% | 0.08% |
| 1000 | 2% | 6.3% | 0.2% | 0.04% |
| 5000 | 0.7% | 2.8% | 0.04% | 0.08% |
Table 7.3: Leakage Comparison of Different Protocols
7.5 Experiment with Multiple Corruptions
The experiment shown below is a further extension of the experiment shown in section 7.4. In the new experiment, the adversary can reveal the secrets of an unlimited number of tags. Thus it is expected that when the number of corruptions equals or exceeds the number of secrets in a given layer, an adversary will definitely be able to trace any tag. The experiment is given below:
1. The adversary draws one tag, $T_m$, and obtains its full set of secrets, $(k_{m,1}, \ldots, k_{m,l})$. The tag is put back into circulation.
2. The previous step is repeated S times.
3. The adversary is then randomly given a tag $T_j$ and is allowed to query the tag and request successful protocol transcripts as much as it wants. However, the adversary is not allowed to reveal the secrets of the tags.
4. The adversary is now given two tags, $T_a$ and $T_b$, such that $T_j \in \{T_a, T_b\}$, and is allowed to query both tags and request successful protocol transcripts. The adversary wins the experiment if it can definitely output i such that $T_i = T_j$.
7.5.1 Notation
The notation used in this section is shared with the notation of previous sections and is detailed below:
| Symbol | Meaning |
|---|---|
| N | Total number of tags in the system |
| S | Number of known secrets |
| S* | Number of known secrets in layer * |
| K | Number of possible secrets (length of secret) |
| K* | Number of possible secrets (length of secret) in layer * |
Table 7.4: Notation
7.5.2 Results
This section will present the results of the new experiment under the previous
protocols. As in the previous sections, protocols are analyzed assuming the
best-case scenario of key distribution. In all plots shown throughout the section,
the notation is as follows: N is the total number of tags and S is the number
of corrupted tags.
Whereas the previous experiments present a useful guideline to the leakage
of the ATW protocol compared to previous protocols, the results in this section
complete the comparison by presenting the leakage of the protocols as the
number of tags and corruptions varies.
Linear
When analyzed under the experiment, the probability for an adversary to win
the experiment is given below. As with previous experiments, the linear
protocol represents a baseline for protocols with no leakage. The result of the
experiment is given by the expression below:

$$\Pr(\text{win}) = \frac{2NS - 2S}{N^2}$$

The results of the experiment are shown in figure 7.10. As can be observed
within the diagram, the probability of the adversary winning remains relatively
low. As expected, a dramatic increase in leakage can be observed where the
number of tags in the system is low and the number of corrupted tags is high.
Group
Since the group protocol has two layers, assuming a best-case scenario of secret
distribution, there would be N^{1/2} groups, where N is the total number of tags in the
system. Thus the probability of the adversary winning the experiment is given
below:

$$\Pr(\text{win}) = \frac{2K_1S_1 - 2S_1}{K_1^2} + \frac{2K_2S_2 - 2S_2}{K_2^2}$$
The results of the experiment are also given in figure 7.11. It can be observed
that the general shape of the plot is similar to that of the linear protocol; however,
the quantity of leakage has increased dramatically. It can also be seen that, as
expected, the probability reaches 100 percent when the number of known secrets
is equal to the number of groups. It should also be noted that the results are
consistent with those shown in the previous experiments and that the group
protocol should not be recommended for small networks.
Figure 7.11: Group-Based Multiple Corruption Results
CR/MW
The results of the CR/MW protocol under the new experiment are given by the
equation below:

$$\Pr(\text{win}) = \frac{2K_1S_1 - 2S_1}{K_1^2} + \frac{2K_2S_2 - 2S_2}{K_2^2} + \frac{2K_3S_2 - 2S_3}{K_3^2}$$
The result can also be found in figure 7.12. The diagram presents some
interesting results, the most important of which is the amount of leakage of the
protocol. Whereas from the previous experiments with only one corruption it
would seem that the protocol can be used for large networks, the same cannot
be said when multiple corruptions are considered. Most astonishing
is the fact that it takes fewer than 60 corruptions in a system with 100000 tags
for the adversary to completely break the system's privacy with certainty. Thus,
taking the results of this experiment into account, the protocol should not
be recommended for any system where the corruption of tags is possible.
Figure 7.12: Tree-Based Multiple Corruption Results - 01
ATW
The results of the Alternate-Tree-Walking protocol are shown in the expression
below:

$$\Pr(\text{win}) = \frac{2(S_1S_2)(K_1K_2) - 2(S_1S_2)}{(K_1K_2)^2} + \frac{2K_3S_2 - 2S_3}{K_3^2}$$

Figure 7.13: Alternate-Tree Walking Multiple Corruption Results
The results are also shown in figure 7.13. This diagram yields the most
interesting observations. The plot is separated into two sections, with the
implication that the protocol either leaks very little privacy or offers no privacy. The
general shape of the plot is also similar to that of the CR/MW protocol, but without
the gradual increase in leakage as the number of corrupted tags increases. Along
with the results from the previous experiments, it is shown that in cases where the
number of corruptions is low, the amount of leakage is comparable to that of
linear protocols. The privacy leakage of the protocol remains low until the number
of known secrets exceeds the number of possible secrets in the first layer. When
this situation occurs, the protocol no longer offers privacy. Thus the protocol would
be suitable for large networks where a moderate number of tag corruptions is
expected, and the protocol can be expected to leak only a minimal amount of privacy
until a certain threshold is reached.
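To make the multiple-corruption experiment of section 7.5 concrete, the following Python program is an added example (not code from the thesis) that enumerates the experiment exactly for a small system rather than evaluating the closed-form expressions above. It assumes: (a) the adversary distinguishes T_a from T_b exactly when their transcripts have different "signatures", where the signature records, per verification unit, which known secret a tag uses or that it uses none of the known ones; (b) two key models, the thesis-style grid of K_l possible secrets per layer (every index combination is a tag) and a classic key tree with a distinct key per node; (c) the ATW idea is abstracted only as "layers 1 and 2 can be checked jointly, not individually", mirroring the (S_1S_2)/(K_1K_2) term, and is not the exact message format of figure 7.9. The probabilities it yields follow from that criterion and need not coincide with the expressions above, which are the thesis's own.

```python
from collections import Counter
from fractions import Fraction
from itertools import product
import random


def grid_tags(K):
    """Thesis-style best-case distribution (assumed model): layer l has K[l]
    possible secrets, a tag is the tuple of its per-layer secret indices and
    every combination is a tag, so N = K[0] * K[1] * ..."""
    return list(product(*[range(k) for k in K]))


def tree_tags(branching, depth):
    """Classic key tree: the layer-l secret is the node at depth l+1 on the
    tag's path, identified by the path prefix, so every node has its own key."""
    return [tuple(path[:l + 1] for l in range(depth))
            for path in product(range(branching), repeat=depth)]


def signature(tag, known, groups):
    """What an adversary holding the secrets in `known` (one set per layer)
    can recover from a transcript of `tag`. Secrets in one verification group
    can only be checked jointly (the ATW pairing idea); a group resolves only
    if every secret in it is known, otherwise it reads as None. None is still
    informative: the tag does *not* use any known secret at that position."""
    return tuple(
        tuple(tag[l] for l in grp) if all(tag[l] in known[l] for l in grp) else None
        for grp in groups)


def win_probability(tags, corrupted, groups=None):
    """Exact Pr(win) of the section 7.5 experiment under the assumed criterion:
    the adversary wins iff T_a and T_b have different signatures. T_j and the
    other tag are drawn uniformly among distinct tags."""
    n_layers = len(tags[0])
    if groups is None:                       # CR/MW-style: every layer checked on its own
        groups = [(l,) for l in range(n_layers)]
    known = [{t[l] for t in corrupted} for l in range(n_layers)]
    classes = Counter(signature(t, known, groups) for t in tags)
    n = len(tags)
    ordered_pairs = n * (n - 1)
    # Pairs inside one signature class are indistinguishable; every other pair is won.
    indistinguishable = sum(c * (c - 1) for c in classes.values())
    return Fraction(ordered_pairs - indistinguishable, ordered_pairs)


def leakage_curve(tags, corruptions, groups=None, seed=0):
    """Pr(win) for S = 0..corruptions, corrupting S distinct tags chosen at random."""
    rng = random.Random(seed)
    order = rng.sample(tags, len(tags))
    return [(S, float(win_probability(tags, order[:S], groups)))
            for S in range(corruptions + 1)]


if __name__ == "__main__":
    tree = tree_tags(4, 3)                      # N = 64 tags, 4 children per node
    print("linear  :", leakage_curve(grid_tags([64]), 8))
    print("tree    :", leakage_curve(tree, 8))
    print("ATW-like:", leakage_curve(tree, 8, groups=[(0, 1), (2,)]))
```

With one corrupted leaf in a binary tree of depth 3 the adversary already wins 3/4 of the time, because knowing a leaf's ancestors partitions the other tags into recognisable subtrees; pairing the first two layers (groups=[(0, 1), (2,)]) drops that to 13/28 for the same corruption, which is the qualitative effect the section describes. The curve becomes 1 as soon as every secret of a layer is known, matching the "100 percent when the number of known secrets equals the number of groups" observation.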
7.6 Other Considerations
7.6.1 Privacy Analysis of the ATW-Protocol
Although the focus of this chapter is to examine the leakage of privacy in the
ATW-Protocol when corruption occurs, it is also essential to show that the
protocol is private, using the model presented in chapter 4, when corruption is
not considered.
Theorem 7.6.1. The ATW-protocol shown in figure 7.9 is Active Stateless Private.
Proof:
The proof is given by the ability of the PRF adversary, A_PRF, to build a
distinguisher that can win the PRF game, shown in appendix A.1, with non-negligible
probability. This is done by using the privacy game adversary, A_Game,
which can win the privacy game with non-negligible probability.
The output of the PRF challenger C will be used as the output of the PRF inside
the privacy game. The construction of the distinguisher is as follows:
• A_PRF interacts with A_Game in place of the challenger C_Game.
• SetupReader(rpd) is executed, followed by the execution of SetupTag(T)
p unique times (unique in the value of T), where p ≥ 2. For each unique SetupTag(T),
A_PRF generates and assigns the values of K arbitrarily.
• Initiate(T) is simulated by A_PRF checking the session tables of both R and
T. New unique values, π_R and π_T, are created and inserted respectively.
π_R and π_T are returned to A_Game.
• Execute(T) is simulated by first generating two random nonces R_{R_i}, R_{T_i}
and retrieving the (K_1, K_2, K_3) corresponding to the called T. Messages x_1 =
(K_1‖R_{R_i}‖R_{T_i}), x_2 = (K_2‖R_{R_i}) and x_3 = (K_3‖R_{T_i}) are created. x_1, x_2 and
x_3 are in turn given to C, returning y_1, y_2 and y_3. π_R and π_T are generated
as in Initiate(T). Lastly, (π_R, π_T, [R_{R_i}, R_{T_i}, y_1‖(y_2 ⊕ y_3)], Y) is
returned.
• SendTag(π_T, T, m) is simulated based on different circumstances. To begin,
if identifier T exists, the corresponding (K_1, K_2, K_3) are retrieved; otherwise
φ is returned to signal a non-existent tag. In the case of a well-formed
message m, i.e. a value of length α is received, messages x_1 = (K_1‖m‖R_{T_i}),
x_2 = (K_2‖m) and x_3 = (K_3‖R_{T_i}) are created. x_1, x_2 and x_3 are in turn given
to C, returning y_1, y_2 and y_3. Lastly, (y_1‖(y_2 ⊕ y_3)) is returned. If message
m is not well formed, φ is returned.
• SendReader(π_R, T, m) is simulated by verifying that session π_R exists and
ensuring that it is associated with T. If the session exists, the corresponding R_{R_i}
and (K_1, K_2, K_3) are retrieved; if R_{R_i} does not exist, φ is returned. Messages
x_1 = (K_1‖R_{R_i}‖R_{T_i}), x_2 = (K_2‖R_{R_i}) and x_3 = (K_3‖R_{T_i}) are created. x_1, x_2
and x_3 are in turn given to C, returning y_1, y_2 and y_3. If m = (y_1‖(y_2 ⊕ y_3)), Y is
returned. Otherwise N is returned.
• At the end of Phase 1, A_Game selects two tags T_i, T_j, neither of which has
been corrupted. A_PRF selects c, where c ∈ {0, 1}. If c = 0, T_i = T_a and T_j =
T_b; else T_i = T_b and T_j = T_a.
• The game continues on to Phase 2 with the operations of A_PRF functioning
as described for Phase 1.
• At the end of Phase 2, A_Game outputs c′.
A_PRF then ends the game with C by outputting b′, where b′ = 0 if c′ = c, and
b′ = 1 otherwise. Note that A_PRF wins the PRF game when b = b′; thus when b = 0, where
C uses the PRF, A_Game outputs c′ = c with non-negligible probability. However,
when b = 1, C only replies with random messages. Thus it is not possible for
A_Game to gain any advantage. Thus
$$
\begin{aligned}
\Pr(A \text{ wins}) &= \Pr(b = b') \\
&= \Pr(b' = 0 \mid b = 0)\cdot\tfrac{1}{2} + \Pr(b' = 1 \mid b = 1)\cdot\tfrac{1}{2} \\
&= \Pr(c' = c \mid b = 0)\cdot\tfrac{1}{2} + \Pr(c' \neq c \mid b = 1)\cdot\tfrac{1}{2} \\
&= \left(\tfrac{1}{2} + \varepsilon\right)\cdot\tfrac{1}{2} + \tfrac{1}{4} \\
&= \tfrac{1}{2} + \tfrac{\varepsilon}{2} \qquad (7.1)
\end{aligned}
$$

Therefore, if ε is non-negligible, ε/2 is also non-negligible. This concludes the
proof.
7.6.2 Further Reduction of Privacy Leakage for Small Networks
This section proposes a modification of the protocol proposed in the previous
section that aims to minimize the leakage of information for small networks.
The protocol is shown in table 7.5.

Reader                                                    Tag (k1, k2, k3)
           NR
           -------------------------------------------------->
           H(NR‖k2)⊕H(NT‖k1) ‖ H(NT‖k2)⊕H(NR‖k3), NT
           <--------------------------------------------------
           Accept/Reject
           -------------------------------------------------->
Table 7.5: Alternate-Tree Walking Protocol for Small Networks (ATWS-Protocol)

By requiring the database to compute H(NR‖S1)⊕H(NT‖S2) first, followed
by H(NR‖S2)⊕H(NT‖S3), the probability of the adversary winning has decreased
to:

$$\Pr(\text{win}) = \frac{4N - 4}{N^2}$$

Nevertheless, the number of required computations has increased to $N^{2/3} + 2N^{1/3}$.
However, even though this scheme is aimed at small networks, the increased
computational requirement is comparatively minimal compared to linear protocols.
A comparison is shown in the left plot of figure 7.14; it can be seen that although
the number of computations required has increased slightly, the increase
in privacy is significant, as shown in the right plot of figure 7.8. More detailed
results are shown in table 7.6; evidently the ATWS provides a comparable level
of privacy to linear protocols at significantly less computational cost.

No# Tags   ATW    Linear   ATWS
100        9.3%   2%       2.1%
200        5.8%   1%       1%
300        4.5%   0.7%     0.7%
400        3.7%   0.5%     4%
Table 7.6: ATW and ATWS Protocol Results Comparison
Further Reduction of Computation using Pre-Computation
This section discusses the use of pre-computation to reduce the amount of computation
required by the database. By pre-computing the values of H(NR‖k*), it is possible
to decrease the amount of time and computation required during
authentication. Although the method can be applied to both proposed schemes,
it would be most useful when applied to the ATWS-Protocol. By pre-computing
the values of H(NR‖S2) and H(NR‖S3) in H(NR‖S2)⊕H(NT‖S1) ‖ H(NT‖S2)⊕H(NR‖S3),
it is possible to reduce the number of computations during authentication
from $N^{2/3} + 2N^{1/3}$ to $N^{1/3}$, allowing the protocol to complete authentication
with fewer computations than the CR/MW scheme. A comparison is shown
in the left plot of figure 7.14; it can be seen that after pre-computation the
Precomputed-ATWS (P-ATWS) protocol requires the least number of computations.
It is interesting to note that the use of pre-computation in this instance does
not reduce the privacy of the protocol. Unlike the example EP-UAP protocol
shown in chapter 6, the level of privacy achieved by the pre-computed ATW
protocol is identical to that of the ATW protocol.
Figure 7.14: Comparison of Computations Required between Protocols
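The exchange of Table 7.5 and the pre-computation argument of the preceding paragraphs, carried through in Python as an added example (this is not the thesis's code). It assumes SHA-256 for H, 16-byte secrets and nonces, three layers of K secrets each with a tag identified by its index triple (so N = K^3, the best-case distribution the thesis assumes), and the message layout of Table 7.5 with the tag's two halves concatenated. The reader searches the first half over all (k1, k2) pairs and then only the k3 candidates, as the text describes. The cost it reports is the number of on-line hash invocations on the reader side under this accounting, which is not the thesis's N^{2/3} + 2N^{1/3} versus N^{1/3} count (that includes the pairwise comparisons, which remain K^2 = N^{2/3} in both variants); what the example shows is that only the hashes depending on N_R can be moved off-line.

```python
import hashlib
import random
import secrets
from itertools import product

KEY_LEN = 16     # bytes per secret (constructed choice)
NONCE_LEN = 16   # bytes per nonce N_R / N_T (constructed choice)
DIGEST_LEN = 32  # SHA-256 output length


class HashCounter:
    """H(a‖b) = SHA-256(a‖b); counts invocations so the on-line cost can be read off."""
    def __init__(self):
        self.calls = 0

    def H(self, *parts):
        self.calls += 1
        return hashlib.sha256(b"".join(parts)).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def make_key_layers(K, seed=0):
    """Three layers of K secrets each; a tag is a triple of indices (N = K^3).
    Keys are constructed deterministically from the seed for reproducibility."""
    rng = random.Random(seed)
    return [[rng.getrandbits(8 * KEY_LEN).to_bytes(KEY_LEN, "big") for _ in range(K)]
            for _ in range(3)]


def tag_respond(keys, n_r, h):
    """Tag side of Table 7.5: returns H(NR‖k2)⊕H(NT‖k1) ‖ H(NT‖k2)⊕H(NR‖k3) and NT."""
    k1, k2, k3 = keys
    n_t = secrets.token_bytes(NONCE_LEN)
    first = xor(h.H(n_r, k2), h.H(n_t, k1))
    second = xor(h.H(n_t, k2), h.H(n_r, k3))
    return first + second, n_t


def precompute(layers, n_r, h):
    """Off-line work: every hash that depends only on the reader's own nonce N_R."""
    _, L2, L3 = layers
    return [h.H(n_r, k2) for k2 in L2], [h.H(n_r, k3) for k3 in L3]


def reader_identify(layers, n_r, msg, n_t, h, pre=None):
    """Database side: search the first half over all (k1, k2) pairs, then k3 only."""
    L1, L2, L3 = layers
    first, second = msg[:DIGEST_LEN], msg[DIGEST_LEN:]
    # Without pre-computation the N_R-dependent hashes are billed to the on-line counter.
    h_r2, h_r3 = pre if pre is not None else precompute(layers, n_r, h)
    h_t1 = [h.H(n_t, k1) for k1 in L1]          # always on-line: depends on NT
    for i1, i2 in product(range(len(L1)), range(len(L2))):
        if xor(h_r2[i2], h_t1[i1]) == first:
            h_t2 = h.H(n_t, L2[i2])              # k2 is now fixed: one more hash
            for i3 in range(len(L3)):
                if xor(h_t2, h_r3[i3]) == second:
                    return (i1, i2, i3)          # accept: tag identified
    return None                                  # reject


def run_session(layers, tag_id, use_precomputation):
    """One authentication; returns (identified tag index triple or None, on-line reader hashes)."""
    keys = tuple(layers[l][i] for l, i in enumerate(tag_id))
    reader_h, tag_h = HashCounter(), HashCounter()
    n_r = secrets.token_bytes(NONCE_LEN)
    # Pre-computed values are produced before the session, so their cost is not on-line.
    pre = precompute(layers, n_r, HashCounter()) if use_precomputation else None
    msg, n_t = tag_respond(keys, n_r, tag_h)
    ident = reader_identify(layers, n_r, msg, n_t, reader_h, pre)
    return ident, reader_h.calls


if __name__ == "__main__":
    layers = make_key_layers(K=10)               # N = 1000 tags
    for pre in (False, True):
        print("precomputed" if pre else "plain", run_session(layers, (3, 7, 2), pre))
```

For K secrets per layer the reader performs 3K + 1 on-line hashes without pre-computation and K + 1 with it, because the 2K values H(NR‖k2) and H(NR‖k3) are the only ones that do not involve the tag's nonce. A tag whose secrets are not in the database yields no match in either search and is rejected.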
7.7 Attacking the Scheme
An interesting aspect of protocols is the amount of work required by the adversary
to attack the scheme, namely the amount of work required by the adversary
to brute-force the secrets from protocol messages. This aspect is comparatively
more important for RFID protocols due to their limited storage, which makes
brute-force attacks seemingly more attractive than for traditional key-exchange
protocols. Assuming that the total amount of memory given to a tag for storing
secrets is K bits, the amount of work required is shown in table 7.7 and in the
right graph of figure 7.14. It can be observed that linear protocols require the
most work to attack, followed by the ATW-Scheme. It should be noted
that both protocols based on the ATW-Scheme require the same amount of work
to attack.

                 Tree          Group         Linear   ATW
Work Required    3(2^{K/3})    2(2^{K/2})    2^K      2^{K/3} + 2^{2K/3}
Table 7.7: Work Comparison
7.8 Conclusion
This chapter analyzed the leakage of information in linear, tree-based and
group-based RFID protocols. It also addressed a limitation of a current privacy
measurement method. The chapter also proposed two protocols, the ATW protocol
and the ATWS protocol, which were shown to leak substantially less privacy
than the analyzed protocols. The increased computational requirement of
the proposed protocols can also be offloaded through the use of pre-computation;
the resulting protocol can be completed using fewer computations than
tree-based protocols. The resulting P-ATWS protocol was able to match linear
protocols in terms of privacy while requiring only one-third of the computation
required by tree-based protocols.
Chapter 8
Conclusion and Future Work
This chapter summarizes the results presented throughout the work, before
outlining possible future work.
8.1 Thesis Summary
The aim of this work is to propose more efficient and private protocols within
the limitations of RFID. In the process of addressing this aim, a number of
contributions are presented in the work.
In section 1.2, the following three objectives were identified:
• Determine a suitable formal RFID privacy model. This can be attained
either by adapting an already proposed model or by proposing a novel model.
• Identify shortcomings or possible improvements of current RFID protocols.
• If interesting results are attained from the previous two objectives, it would
be most useful to propose novel protocols that build on such findings.
First and foremost, a survey and comparison of previous RFID privacy models
was conducted, which identified limitations of current models. Subsequently, a
novel privacy model was proposed to address these limitations.
The model proposed not only addressed various usability and flexibility concerns
from previous models, but also identified and addressed other concerns.
Most notably, the additional consideration of stateful protocols allows the
resulting model to offer not only stronger privacy notions but also weaker notions.
Being based on indistinguishability, the model is also comparatively simpler to use
than most other models.
Subsequently, a review of previous protocols was conducted. However, due to
the vast number of proposed protocols, it is vital to generalize protocols based
on their primitives and constructions. Thus an extension of a previous
classification was proposed. The extended classification consisted of two main
contributions: the clarification that whether a protocol is stateless or stateful
does not necessarily determine its efficiency, and the addition of protocol classes.
Novel protocols have also been proposed. First, it was investigated how
pre-computation can be used to improve the efficiency of RFID protocols. The technique
was shown to be effective in reducing the time required for protocol sessions.
However, the technique does little to improve the privacy of protocols. Also
investigated was the privacy leakage of tree-based protocols, which were
shown to be partially susceptible to privacy leakage. Consequently, the Alternate
Tree Walking scheme was proposed to address this concern. The scheme was
shown to be successful in dramatically minimizing the leakage of tree-based
protocols, to a level that is comparable to no leakage of information. Pre-computation
was also used to improve the efficiency of the resulting protocol. The addition
of the proposed ATW protocol to the classification results in a new class of
protocols. As shown in figure 8.1, the new class of protocol is more private than the
tree-based protocols it was based on, and more efficient than linear protocols.
8.2 Future Work
There are a number of extensions to the work that could be addressed. Since
the work is focused on more traditional protocols that depend on cryptographic
primitives, it does not consider protocols with other hardware assumptions. Most
notable is the absence of distance bounding protocols. Such considerations can be
incorporated into both the privacy model and the categorization of protocols.
The extension of protocol classification is also not without its limitations.
Since the work focuses on identifying similar protocols with possible identifiable
privacy and/or efficiency implications, there exist protocols which are not discussed
in the work. Notable examples include serverless protocols and distance
bounding protocols. Commonly, some properties of these protocols are based on
additional hardware assumptions, thus making their privacy or efficiency properties
more difficult to generalize. However, such generalizations would allow for a
more complete classification of RFID protocols.
Figure 8.1: Alternate Tree-Walking in Protocol Classification
Also open is the problem of achieving the strongest notions of privacy, namely
Active+C1+C2 Stateless and Active+C1+C2 Stateful privacy in the proposed
model. But as the Active+C1 notion of privacy is likely to require public-key
cryptography, such protocols are unlikely to be practical for RFID. Nevertheless,
the model is capable of analyzing said protocols when the need arises. Finally, it
would be of interest to further explore the privacy implications between different
levels of strong and weak privacy and between stateful and stateless privacy.
Appendix A
Cryptographic Definitions
A few cryptographic definitions that are used in the proofs of protocols throughout
the thesis: pseudorandom functions, one-way functions, and chosen-ciphertext
attack. The definitions given in this appendix can be found in [31].
A.1 Pseudorandom Functions (PRFs)
Many protocols in the thesis assume the use of a hash function when implemented
practically. The most important feature required of the hash function is randomness.
Thus proofs of protocol privacy will be conducted using pseudorandom
functions in place of hash functions.
The definition of a pseudorandom function is given below:
Definition A.1.1 (Pseudorandom Functions (PRFs)).
Let F : {0, 1}* × {0, 1}* → {0, 1}* be an efficient, length-preserving, keyed
function. We say that F is a pseudorandom function if for all probabilistic
polynomial-time distinguishers D, there exists a negligible function negl such
that:

$$\left|\Pr\left[D^{F_k(\cdot)}(1^n) = 1\right] - \Pr\left[D^{f(\cdot)}(1^n) = 1\right]\right| \le \mathrm{negl}(n),$$

where k ← {0, 1}^n is chosen uniformly at random and f is chosen uniformly at
random from the set of functions mapping n-bit strings to n-bit strings.
From the definition given above, a PRF distinguishing game is given below.
• This game is played between A_PRF and challenger C.
• C generates a random string K which is used as the key of the PRF.
• C selects b ∈ {0, 1}.
• A_PRF sends messages m to C.
• If b = 0, C replies with PRF_K(m); otherwise C replies with a uniformly random
string from {0, 1}^|m|.
• A_PRF can send any number of messages, until it outputs a guess b′ for b.
• If b′ = b, A_PRF wins the game.
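The distinguishing game above, and the role A_PRF plays in the proof of Theorem 7.6.1, written out in Python as an added example (not code from the thesis or from [31]). The challenger answers with PRF_K(m) when b = 0 and with a random function when b = 1; the random function is realised by lazy sampling so that a repeated query gets the same reply, which is the standard way to implement "f chosen uniformly from all functions". Two candidates are plugged in: HMAC-SHA256, used here as a sound PRF, and a constructed bad candidate F_K(m) = K ⊕ m, which is keyed, efficient and length-preserving but fails the definition because F_K(m_1) ⊕ F_K(m_2) = m_1 ⊕ m_2 for every key. The distinguisher that checks that relation wins with certainty against the bad candidate and has no advantage against HMAC. Message length is fixed at 32 bytes so both candidates are length-preserving; that fixed n is an assumption of the example.

```python
import hashlib
import hmac
import os

N_BYTES = 32  # n in bytes: F : {0,1}^n x {0,1}^n -> {0,1}^n (assumed fixed length)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hmac_prf(key, m):
    """Sound PRF candidate: HMAC-SHA256 under `key`; length-preserving for 32-byte m."""
    return hmac.new(key, m, hashlib.sha256).digest()


def xor_prf(key, m):
    """Constructed bad candidate: keyed and length-preserving but NOT pseudorandom,
    since F_K(m1) xor F_K(m2) == m1 xor m2 regardless of the key."""
    return xor(key, m)


class PRFChallenger:
    """The challenger C of the game in A.1. b = 0: replies with PRF_K(m).
    b = 1: replies with a random function f, lazily sampled and memoised so a
    repeated query is answered consistently."""
    def __init__(self, prf, b):
        self.prf, self.b = prf, b
        self.key = os.urandom(N_BYTES)        # K <- {0,1}^n
        self.table = {}

    def query(self, m):
        if len(m) != N_BYTES:
            raise ValueError("messages must be exactly n bytes")
        if self.b == 0:
            return self.prf(self.key, m)
        if m not in self.table:
            self.table[m] = os.urandom(N_BYTES)
        return self.table[m]


def xor_distinguisher(query):
    """A_PRF: two queries, then guess b' = 0 ("real PRF") iff the XOR relation holds."""
    m1, m2 = os.urandom(N_BYTES), os.urandom(N_BYTES)
    return 0 if xor(query(m1), query(m2)) == xor(m1, m2) else 1


def play_prf_game(prf, distinguisher, b):
    """One run with the challenger's bit fixed to b; True iff the guess b' equals b."""
    return distinguisher(PRFChallenger(prf, b).query) == b


def estimate_advantage(prf, distinguisher, trials):
    """|Pr[b'=0 | b=0] - Pr[b'=0 | b=1]|, the quantity Definition A.1.1 bounds by negl(n)."""
    p0 = sum(distinguisher(PRFChallenger(prf, 0).query) == 0 for _ in range(trials)) / trials
    p1 = sum(distinguisher(PRFChallenger(prf, 1).query) == 0 for _ in range(trials)) / trials
    return abs(p0 - p1)


if __name__ == "__main__":
    print("xor_prf  advantage:", estimate_advantage(xor_prf, xor_distinguisher, 200))
    print("hmac_prf advantage:", estimate_advantage(hmac_prf, xor_distinguisher, 200))
```

This is exactly the shape used in the proof of Theorem 7.6.1: A_PRF answers the privacy adversary's oracle calls by forwarding inputs to `query`, and its final output b′ is derived from whether the privacy adversary still succeeds; when b = 1 the answers carry no information about the keys, which is why the privacy advantage must vanish in that branch.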
A.2 One-Way Functions
In general, a one-way function is a function that is easy to compute, but hard to
invert.
Definition A.2.1 (One-Way Function).
A function f : {0, 1}* → {0, 1}* is one-way if the following two conditions hold:
1. There exists a polynomial-time algorithm M_f computing f; that is, M_f(x) =
f(x) for all x.
2. For every probabilistic polynomial-time algorithm A, there exists a negligible
function negl such that

$$\Pr\left[\mathrm{Invert}_{A,f}(n) = 1\right] \le \mathrm{negl}(n).$$

A.3 Left-or-Right Chosen-Ciphertext Attack (LOR-CCA)
The most commonly used notion of CCA security is IND-CCA; however, it has
been shown in [10, Theorem 4] that if a scheme is secure in the IND-CCA sense then
it is also secure in the LOR-CCA sense, but the security is quantitatively lower.
For any encryption scheme Π = (Gen, Enc, Dec), adversary A_CCA and
value n of the security parameter, the experiment is as follows:
Definition A.3.1 (CCA Left-or-Right Experiment).
• This game is played between adversary A_CCA and challenger C.
• C generates key k by running the key generation algorithm Gen(1^n).
• C selects b ∈ {0, 1}.
• A_CCA is given access to the oracles Enc_k(·), for message encryption, and
Dec_k(·), for message decryption.
  – For every Enc_k(·) query, A_CCA selects a pair of messages (m_0, m_1) of
  the same length.
  – C returns Enc_k(m_b).
  – A_CCA cannot query Dec_k(·) on a ciphertext returned by C for any pair (m_0, m_1).
• A_CCA outputs a bit b′.
• A_CCA wins if b′ = b.
Bibliography
[1] UHF Class 1 Gen 2 Standard v. 1.2.0.
[2] S.I. Ahamed, F. Rahman, E. Hoque, F. Kawsar, and T. Nakajima. YA-SRAP: Yet Another Serverless RFID Authentication Protocol. In 2008 IET 4th International Conference on Intelligent Environments, pages 1–8, 2008.
[3] Basel Alomair, Andrew Clark, Jorge Cuellar, and Radha Poovendran. Scalable RFID Systems: a Privacy-Preserving Protocol with Constant-Time Identification. In the 40th Annual IEEE/IFIP International Conference on Dependable Systems and Networks – DSN'10, Chicago, Illinois, USA, June 2010. IEEE, IEEE Computer Society.
[4] Basel Alomair and Radha Poovendran. Privacy versus Scalability in Radio Frequency Identification Systems. Computer Communication, Elsevier, 2010.
[5] Gildas Avoine. Adversary Model for Radio Frequency Identification. Technical Report LASEC-REPORT-2005-001, September 2005.
[6] Gildas Avoine, Levente Buttyán, Tamás Holczer, and István Vajda. Group-Based Private Authentication. In IEEE International Workshop on Trust, Security, and Privacy for Ubiquitous Computing – TSPUC, pages 1–6, Helsinki, Finland, June 2007. IEEE, IEEE Computer Society.
[7] Gildas Avoine, Iwen Coisel, and Tania Martin. Time Measurement Threatens Privacy-Friendly RFID Authentication Protocols. In S.B. Ors Yalcin, editor, Workshop on RFID Security – RFIDSec'10, volume 6370 of Lecture Notes in Computer Science, pages 138–157, Istanbul, Turkey, June 2010. Springer.
[8] Gildas Avoine, Etienne Dysli, and Philippe Oechslin. Reducing Time Complexity in RFID Systems. In Bart Preneel and Stafford Tavares, editors, Selected Areas in Cryptography, volume 3897 of Lecture Notes in Computer Science, pages 291–306. Springer Berlin / Heidelberg, 2006.
[9] Gildas Avoine, Cédric Lauradoux, and Tania Martin. When Compromised Readers Meet RFID. In H.Y. Youm and M. Yung, editors, Workshop on Information Security Applications – WISA'09, volume 5932 of Lecture Notes in Computer Science, pages 36–50, Busan, Korea, August 2009. Springer.
[10] M. Bellare, A. Desai, E. Jokipii, and P. Rogaway. A Concrete Security Treatment of Symmetric Encryption. In 38th Annual Symposium on Foundations of Computer Science, pages 394–403, 1997.
[11] Jens-Matthias Bohli and Andreas Pashalidis. Relations among Privacy Notions. ACM Transactions on Information and System Security, 14:4:1–4:24, June 2011.
[12] Julien Bringer, Hervé Chabanne, and Thomas Icart. Improved Privacy of the Tree-Based Hash Protocols Using Physically Unclonable Function. In Rafail Ostrovsky, Roberto De Prisco, and Ivan Visconti, editors, Security and Cryptography for Networks, volume 5229 of Lecture Notes in Computer Science, pages 77–91. Springer Berlin / Heidelberg, 2008.
[13] Mike Burmester, Tri van Le, and Breno de Medeiros. Provably Secure Ubiquitous Systems: Universally Composable RFID Authentication Protocols. In Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm 2006, pages 1–10, Baltimore, Maryland, USA, August–September 2006. IEEE, IEEE Computer Society.
[14] Levente Buttyán, Tamás Holczer, and István Vajda. Optimal Key-Trees for Tree-Based Private Authentication. In George Danezis and Philippe Golle, editors, Privacy Enhancing Technologies, volume 4258 of Lecture Notes in Computer Science, pages 332–350. Springer Berlin / Heidelberg, 2006.
[15] Sébastien Canard, Iwen Coisel, Jonathan Etrog, and Marc Girault. Privacy-Preserving RFID Systems: Model and Constructions. Cryptology ePrint Archive, Report 2010/405, 2010.
[16] Ouyang Changqing, Wu Jixiong, Li Zhengyan, and Huang Shengye. An Enhanced Security Authentication Protocol Based on Hash-Lock for Low-Cost RFID. In 2nd International Conference on Anti-counterfeiting, Security and Identification (ASID 2008), pages 416–419, August 2008.
[17] Hung-Yu Chien. SASI: A New Ultralightweight RFID Authentication Protocol Providing Strong Authentication and Strong Integrity. IEEE Transactions on Dependable and Secure Computing, 4(4):337–340, October–December 2007.
[18] Wonjoon Choi and Byeong-hee Roh. Backward Channel Protection Method for RFID Security Schemes Based on Tree-Walking Algorithms. In Computational Science and Its Applications – ICCSA 2006, volume 3983 of Lecture Notes in Computer Science, pages 279–287. Springer Berlin / Heidelberg, 2006.
[19] Iwen Coisel and Tania Martin. Untangling RFID Privacy Models. Journal of Computer Networks and Communications, 2012.
[20] Robert H. Deng, Yingjiu Li, Moti Yung, and Yunlei Zhao. A New Framework for RFID Privacy. In Dimitris Gritzalis, Bart Preneel, and Marianthi Theoharidou, editors, 15th European Symposium on Research in Computer Security – ESORICS 2010, volume 6345 of Lecture Notes in Computer Science, pages 1–18, Athens, Greece, September 2010. Springer.
[21] T. Dimitriou. A Lightweight RFID Protocol to Protect Against Traceability and Cloning Attacks. In First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm 2005), pages 59–66, September 2005.
[22] Feng Bo Ding Zhen-hua, Li Jin-tao. A Taxonomy Model of RFID Security Threats. 11th IEEE International Conference on Communication Technology (ICCT 2008), pages 765–768, 2008.
[23] Donggook Park, Colin Boyd, and Ed Dawson. Classification of Authentication Protocols: A Practical Approach. In Third International Workshop on Information Security, pages 194–208. Springer-Verlag, 2000.
[24] Imran Erguler, Emin Anarim, and Gokay Saldamli. Unbalanced States Violates RFID Privacy. Journal of Intelligent Manufacturing, 23:1–9, 2012.
[25] JeaCheol Ha, JungHoon Ha, SangJae Moon, and Colin Boyd. LRMAP: Lightweight and Resynchronous Mutual Authentication Protocol for RFID System. In Proceedings of the 1st International Conference on Ubiquitous Convergence Technology (ICUCT'06), pages 80–89, Berlin, Heidelberg, 2007. Springer-Verlag.
[26] JungHoon Ha, SangJae Moon, Jianying Zhou, and JaeCheol Ha. A New Formal Proof Model for RFID Location Privacy. In Sushil Jajodia and Javier López, editors, 13th European Symposium on Research in Computer Security – ESORICS 2008, volume 5283 of Lecture Notes in Computer Science, pages 267–281, Málaga, Spain, October 2008. Springer.
[27] D. Henrici and P. Müller. Hash-based Enhancement of Location Privacy for Radio-Frequency Identification Devices using Varying Identifiers. In Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops, pages 49–153, March 2004.
[28] Jens Hermans, Andreas Pashalidis, Frederik Vercauteren, and Bart Preneel. A New RFID Privacy Model. In 16th European Symposium on Research in Computer Security – ESORICS 2011, Lecture Notes in Computer Science, Leuven, Belgium, September 2011. Springer.
[29] Ramos C. Hoon Ko, Yunseok Chang. Tag Initiated Authentication Module for Fast and Efficient RFID Security. Mobile Ubiquitous Computing, Systems, Services and Technologies (UBICOMM '08), pages 362–366, 2008.
[30] Xu Huang. Quantifying Information Leakage in RFID Systems. In 10th International Conference on Advanced Communication Technology, 2008 (ICACT 2008), volume 1, pages 84–89, February 2008.
[31] Jonathan Katz and Yehuda Lindell. Introduction to Modern Cryptography: Principles and Protocols. Chapman and Hall, 2007.
[32] A. Juels. RFID Security and Privacy: A Research Survey. IEEE Journal on Selected Areas in Communications, 24(2):381–394, February 2006.
[33] Ari Juels and Stephen Weis. Defining Strong Privacy for RFID. In International Conference on Pervasive Computing and Communications – PerCom 2007, pages 342–347, New York City, New York, USA, March 2007. IEEE, IEEE Computer Society.
[34] Junzuo Lai, Robert H. Deng, and Yingjiu Li. Revisiting Unpredictability-Based RFID Privacy Models. In Jianying Zhou and Moti Yung, editors, Proceedings of the 8th International Conference on Applied Cryptography and Network Security – ACNS 2010, volume 6123 of Lecture Notes in Computer Science, pages 475–492, Beijing, China, June 2010. Springer.
[35] Marc Langheinrich. A Survey of RFID Privacy Approaches. Personal and Ubiquitous Computing, 13(6):413–421, August 2009.
[36] Hyangjin Lee and Jeeyeon Kim. Privacy Threats and Issues in Mobile RFID. In The First International Conference on Availability, Reliability and Security (ARES 2006), 5 pp., April 2006.
[37] Kaleb Lee, Juan Gonzalez Nieto, and Colin Boyd. Improving the Efficiency of RFID Authentication with Pre-Computation. In Australasian Information Security Conference (AISC), 2012.
[38] Kaleb Lee, Juan Gonzalez Nieto, and Colin Boyd. Minimizing Information Leakage of Tree-based RFID Authentication Protocols using Alternate Tree-Walking. In 17th Australasian Conference on Information Security and Privacy, 2012. Full version of accepted short paper.
[39] Kaleb Lee, Juan Gonzalez Nieto, and Colin Boyd. A State-Aware RFID Privacy Model with Reader Corruption. In The 4th International Symposium on Cyberspace Safety and Security (CSS), 2012.
[40] Jie Li, Yunfeng Wang, Baoying Jiao, and Yong Xu. An Authentication Protocol for Secure and Efficient RFID Communication. In 2010 International Conference on Logistics Systems and Intelligent Management, volume 3, pages 1648–1651, 9-10 2010.
[41] Li Lu, Jinsong Han, Lei Hu, Yunhao Liu, and Lionel M. Ni. Dynamic Key-Updating: Privacy-Preserving Authentication for RFID Systems. In Fifth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom '07), pages 13–22, March 2007.
[42] Changshe Ma, Yingjiu Li, Robert H. Deng, and Tieyan Li. RFID Privacy: Relation Between Two Notions, Minimal Condition, and Efficient Construction. In Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS '09, pages 54–65, New York, NY, USA, 2009. ACM.
[43] David Molnar, Andrea Soppera, and David Wagner. A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags. In Bart Preneel and Stafford Tavares, editors, Selected Areas in Cryptography, volume 3897 of Lecture Notes in Computer Science, pages 276–290. Springer Berlin / Heidelberg, 2006.
[44] David Molnar and David Wagner. Privacy and Security in Library RFID: Issues, Practices, and Architectures. In CCS '04: Proceedings of the 11th ACM Conference on Computer and Communications Security, pages 210–219, New York, NY, USA, 2004. ACM.
[45] Ching Ng, Willy Susilo, Yi Mu, and Rei Safavi-Naini. RFID Privacy Models Revisited. In Sushil Jajodia and Javier López, editors, Computer Security – ESORICS 2008, volume 5283 of Lecture Notes in Computer Science, pages 251–266. Springer Berlin / Heidelberg, 2008.
[46] Ching Ng, Willy Susilo, Yi Mu, and Rei Safavi-Naini. RFID Privacy Models Revisited. In Sushil Jajodia and Javier López, editors, Computer Security – ESORICS 2008, volume 5283 of Lecture Notes in Computer Science, pages 251–266. Springer Berlin / Heidelberg, 2008.
[47] Karsten Nohl and David Evans. Quantifying Information Leakage in Tree-Based Hash Protocols. In Peng Ning, Sihan Qing, and Ninghui Li, editors, Information and Communications Security, volume 4307 of Lecture Notes in Computer Science, pages 228–237. Springer Berlin / Heidelberg, 2006.
[48] Miyako Ohkubo, Koutarou Suzuki, and Shingo Kinoshita. Cryptographic Approach to "Privacy-Friendly" Tags. In RFID Privacy Workshop, 2003.
[49] Khaled Ouafi and Raphael C.-W. Phan. Traceable Privacy of Recent Provably-Secure RFID Protocols. In Steven M. Bellovin, Rosario Gennaro, Angelos D. Keromytis, and Moti Yung, editors, Applied Cryptography and Network Security, 6th International Conference, ACNS 2008, New York, NY, USA, June 3-6, 2008, Lecture Notes in Computer Science, pages 479–489, Berlin, 2008. Springer.
[50] Radu-Ioan Paise and Serge Vaudenay. Mutual Authentication in RFID: Security and Privacy. In ASIACCS'08, pages 292–299, Tokyo, Japan, 2008. ACM Press.
[51] Patrick J. Sweeney II. CompTIA RFID+ Study Guide. Wiley Publishing Inc., 2007.
[52] Pedro Peris-Lopez, Julio Cesar Hern, Juan M. Estevez Tapiador, and Arturo Ribagorda. LMAP: A Real Lightweight Mutual Authentication Protocol for Low-Cost RFID Tags. In Proceedings of 2nd Workshop on RFID Security, page 06. Ecrypt, 2006.
[53] Pedro Peris-Lopez, Julio Hernandez-Castro, Juan Estevez-Tapiador, and Arturo Ribagorda. EMAP: An Efficient Mutual-Authentication Protocol for Low-Cost RFID Tags. In Robert Meersman, Zahir Tari, and Pilar Herrero, editors, On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops, volume 4277 of Lecture Notes in Computer Science, pages 352–361. Springer Berlin / Heidelberg, 2006.
[54] G. Poulopoulos, K. Markantonakis, and K. Mayes. A Secure and Efficient Mutual Authentication Protocol for Low-Cost RFID Systems. In 2009 International Conference on Availability, Reliability and Security, ARES '09, pages 706–711, 16-19 2009.
[55] Steven Shepard. RFID: Radio Frequency Identification. The McGraw-Hill Companies, Inc., 2005.
[56] Mohammad Reza Sohizadeh Abyaneh. On the Security of Non-Linear HB (NLHB) Protocol Against Passive Attack. Cryptology ePrint Archive, Report 2010/402, 2010.
[57] Boyeon Song and Chris J. Mitchell. RFID Authentication Protocol for Low-Cost Tags. In Proceedings of the First ACM Conference on Wireless Network Security, WiSec '08, pages 140–147, New York, NY, USA, 2008. ACM.
[58] Tri Van Le, Mike Burmester, and Breno de Medeiros. Universally Composable and Forward-secure RFID Authentication and Authenticated Key Exchange. In Feng Bao and Steven Miller, editors, ACM Symposium on Information, Computer and Communications Security – ASIACCS 2007, pages 242–252, Singapore, Republic of Singapore, March 2007. ACM, ACM Press.
[59] Serge Vaudenay. On Privacy Models for RFID. In Kaoru Kurosawa, editor, Advances in Cryptology – Asiacrypt 2007, volume 4833 of Lecture Notes
in Computer Science, pages 68–87, Kuching, Malaysia, December 2007.
Springer.
[60] Stephen Weis, Sanjay Sarma, Ronald Rivest, and Daniel Engels. Security
and Privacy Aspects of Low-Cost Radio Frequency Identification Systems.
Security in Pervasive Computing, 2802:50–59, 2004.
[61] Stephen August Weis. Security and Privacy in Radio-Frequency Identifica-
tion Devices. PhD thesis, MIT, 2003.
[62] Y. Yousuf and V. Potdar. A Survey of RFID Authentication Protocols.
In 22nd International Conference on Advanced Information Networking and
Applications - Workshops (AINAW 2008), pages 1346 –1350, March 2008.
Top Related